Back to top
Response to "ICA should shed more light on why SingPost is assigned iris scan collector" (TODAY, 3 January 2017)
TODAY
9 January 2017
Safeguards in place for iris enrolment
We refer to Mr Dharmendra Yadav’s letter, “ICA should shed more light on why SingPost is assigned iris scan collector” (Jan 3).
The Immigration and Checkpoints Authority partners external agencies to provide greater convenience to the public for some services.
We select these services carefully so that non-ICA employees perform only administrative and non-sensitive functions, such as facilitating identity card and passport collection and iris enrolment.
We will only appoint agencies that can meet stringent operational and security requirements. For example, they must be able to handle and store important documents, such as identity cards and passports, securely.
The ICA also has other measures to safeguard the integrity of personal records. For example, iris images enrolled by SingPost employees are transmitted directly to the ICA and stored in our secure database. The role of SingPost employees is only to guide the public through the enrolment process.
The ICA has systems and processes in place to guard against unauthorised access of data and to ensure data integrity. Regular audits are conducted to ensure compliance.
Serene Wong (Ms)
Head
Public & Internal Communications
Corporate Communications Division
Immigration & Checkpoints Authority
<Original letter>
TODAY
3 January 2017
ICA should shed more light on why SingPost is assigned iris scan collector
I refer to the report “Collection of iris scans to begin Jan 1 at ICA, SingPost outlets” (Dec 28).
It was already worrying that a key government function of personal identification data collection will now be outsourced to independent service providers, and Members of Parliament have expressed reservations about this in Parliament.
The passing of the legislation by Parliament was nevertheless an acknowledgment of the reality that the Immigration and Checkpoints Authority (ICA), given its own limited resources, needs some help to comprehensively oversee how information in the national registration data base is collected, accessed and used.
Unfortunately, SingPost, the provider shortlisted by ICA, is a listed company that has been the subject of a corporate governance crisis and an investigation of possible breaches of the Companies Act.
The ICA should share more about the considerations it exercised in shortlisting SingPost, particularly if it considered other service providers with a better corporate governance track record.
In addition, as such providers will now be able to perform functions — albeit carefully selected — that strike at the core of a citizen’s identity, it will be prudent for the ICA to enhance the transparency and accountability of the national registration process, such as disclosing information on parties that have sought to access one’s personal data, and the purposes for which the personal data were sought from the ICA.
If the citizen believes that the information has been accessed improperly, the ICA can provide a redress mechanism.
There is already a precedent for this in the financial records of a Singapore tax resident — that is, such a person can seek, review and query a similar report on his or her personal financial data from Credit Bureau Singapore. If a small vendor such as Credit Bureau Singapore can do this effectively and efficiently, a Singaporean can surely expect more from the ICA.
Alternatively, Parliament can seek to subject the ICA to the personal data request and complaints procedures provided in the Personal Data Protection Act.
Dharmendra Yadav
9 January 2017
Safeguards in place for iris enrolment
We refer to Mr Dharmendra Yadav’s letter, “ICA should shed more light on why SingPost is assigned iris scan collector” (Jan 3).
The Immigration and Checkpoints Authority partners external agencies to provide greater convenience to the public for some services.
We select these services carefully so that non-ICA employees perform only administrative and non-sensitive functions, such as facilitating identity card and passport collection and iris enrolment.
We will only appoint agencies that can meet stringent operational and security requirements. For example, they must be able to handle and store important documents, such as identity cards and passports, securely.
The ICA also has other measures to safeguard the integrity of personal records. For example, iris images enrolled by SingPost employees are transmitted directly to the ICA and stored in our secure database. The role of SingPost employees is only to guide the public through the enrolment process.
The ICA has systems and processes in place to guard against unauthorised access of data and to ensure data integrity. Regular audits are conducted to ensure compliance.
Serene Wong (Ms)
Head
Public & Internal Communications
Corporate Communications Division
Immigration & Checkpoints Authority
<Original letter>
TODAY
3 January 2017
ICA should shed more light on why SingPost is assigned iris scan collector
I refer to the report “Collection of iris scans to begin Jan 1 at ICA, SingPost outlets” (Dec 28).
It was already worrying that a key government function of personal identification data collection will now be outsourced to independent service providers, and Members of Parliament have expressed reservations about this in Parliament.
The passing of the legislation by Parliament was nevertheless an acknowledgment of the reality that the Immigration and Checkpoints Authority (ICA), given its own limited resources, needs some help to comprehensively oversee how information in the national registration data base is collected, accessed and used.
Unfortunately, SingPost, the provider shortlisted by ICA, is a listed company that has been the subject of a corporate governance crisis and an investigation of possible breaches of the Companies Act.
The ICA should share more about the considerations it exercised in shortlisting SingPost, particularly if it considered other service providers with a better corporate governance track record.
In addition, as such providers will now be able to perform functions — albeit carefully selected — that strike at the core of a citizen’s identity, it will be prudent for the ICA to enhance the transparency and accountability of the national registration process, such as disclosing information on parties that have sought to access one’s personal data, and the purposes for which the personal data were sought from the ICA.
If the citizen believes that the information has been accessed improperly, the ICA can provide a redress mechanism.
There is already a precedent for this in the financial records of a Singapore tax resident — that is, such a person can seek, review and query a similar report on his or her personal financial data from Credit Bureau Singapore. If a small vendor such as Credit Bureau Singapore can do this effectively and efficiently, a Singaporean can surely expect more from the ICA.
Alternatively, Parliament can seek to subject the ICA to the personal data request and complaints procedures provided in the Personal Data Protection Act.
Dharmendra Yadav