Provision of information from Register for verification purposes etc.
Section 12: Provision of information for verification or otherwise with consent
83.This section enables the provision of an identity verification service which operates with the consent of the individual. The service is subject to an accreditation requirement for user organisations.
84.Subsection (1) gives the Secretary of State the power to provide a person with certain information recorded in an entry about an individual provided that the individual concerned consents. Provision of information includes confirming that the information is or is not recorded in his entry (section 42(7)).
85.Subsection (2) provides that only a limited part of the individual’s entry on the Register may be provided to a person under this section. This includes information within paragraphs 1, 3 and 4 of Schedule 1, the photograph, signature, information concerning whether the ID card is valid, voluntary information, security questions, the grant/refusal of confirmation that submitted information falling in subsection (3) matches that which is held on the Register and the grant/refusal of confirmation that the individual’s entry does not contain information of a particular description within that subsection. The latter might be necessary, for example, to verify the identity of an individual whose biometric could not be recorded at the time of enrolment (e.g. because of a medical condition). This limitation on the information that may be checked means that information falling in other parts of Schedule 1, for example the records of provision of information and validation information, may not be provided to organisations verifying identity under this section, regardless of the consent of the individual concerned.
86.Subsection (2(g)) limits the provision of certain information to a grant or refusal of confirmation that information submitted matches information held on the Register. Subsection (3) lists the information which is subject to that limitation. It includes biometric information (including fingerprint information), passwords, codes, security numbers and security answers. So, subsection (2) does not permit provision of fingerprint data from the Register, but it does permit confirmation that a person’s fingerprint matches that which is recorded on his entry on the Register.
87.Subsection (4) enables the Secretary of State to amend by affirmative order subsections (2) and (3), and allows regulations to be made further restricting the information that may be provided under section (2). This could be used, for example, to ensure that particular categories of people do not have certain information about themselves provided to other organisations, for example where it might be sensitive as in the case of the previous names of transsexual people. This power may also be used more broadly to restrict further the information that is provided to specific types of organisations where all the information falling under section 12(2) is not necessary for their verification purposes. Subsection (5) limits the Secretary of State’s powers to modify subsections (2) and (3) such that he may not omit subsection (2) or add information falling within paragraph 9 of Schedule 1 to either subsection (2) or (3).
88.Subsection (10) ensures that the restrictions on the provision of data under section 12 do not interfere with rights to be provided with information under other Acts, for example subject access rights under the Data Protection Act 1998.
89.Subsection (6) provides that the Secretary of State may make regulations subject to the negative resolution procedure prescribing how an authority or consent is to be given, the persons who can make an application, in what circumstances an application may be made, and how an application can be made. Subsection (8) enables information to be provided only where regulations under subsection (7)(a) and (b) have been complied with. The Secretary of State must therefore make regulations under subsection (7) to “accredit” organisations before any information can be provided to them from the Register.
90.This section therefore requires an accreditation scheme to be established so that only those organisations that have been approved will be able to make checks on the ID cards of individuals who have consented to verification checks against the Register. The accreditation regulations will include a requirement that to be provided with information from the Register, an applicant must have registered certain details with the Secretary of State, and furthermore that the person and the applicant for information must have been approved by the Secretary of State. The regulations may also require that the equipment being used is accredited with the Secretary of State (subsection (7)).
91.Section 40(7) sets out in more detail what regulations for the approval of a person or of apparatus might include.