| Identity Cards Act 2006 | |
| 2006 Chapter 15 - continued | |
| back to previous text | |
|
Section 8: Functions of persons issuing designated documents 62 A designated documents authority is defined as an issuer of a designated document as described in section 4. This section sets out how common standards will be set for all designated documents authorities in carrying out their functions in relation to the Register and ID cards. 63 Subsection (1) requires that a designated document may only be issued if the designated documents authority is satisfied that:
64 Subsection (2) requires that, where a designated document is issued to an individual who does not hold a valid ID card, the designated documents authority must ensure that the document is issued with an ID card satisfying the requirements set out in regulations, unless the individual is being issued with a designated document on a application falling within section 6(7) (temporary opt out for British passport applicants). 65 Regulations made under subsection 2 are subject to the affirmative resolution procedure (subsection (5)) 66 Subsection (3) sets out in more detail the requirements that may be imposed on designated documents authorities, regarding:
67 Subsection (4) allows the Secretary of State to make regulations requiring those issuing designated documents together with ID Cards to notify the Secretary of State where a designated document is modified, suspended or revoked; or required to be surrendered. Maintaining accuracy of Register etc. Section 9: Power to require information for validating Register 68 This section deals with the provisions permitting data to be shared with the Secretary of State and designated documents authorities for the purposes of verifying information to be recorded or which is currently recorded on the National Identity Register. This is specifically about ensuring the accuracy of the Register and it does not confer the power to share data for wider purposes. Neither does it allow the Secretary of State or a designated documents authority to request information that is not relevant for the purposes of validating the Register. 69 Subsections (1) and (3) place a duty on a person to provide to the Secretary of State information required by him for the purposes of verifying an individual's entry on the Register. Subsection (2) extends this obligation to disclose specified information to a designated document authority when so required by that authority. Subsection (3) also enables the Secretary of State or a designated document authority to require the information within a specified timescale. 70 Subsection (4) sets out that a requirement may be imposed on any person specified for the purposes in an order, for example local government or bodies in the private sector. Subsection (5) clarifies that this could also include for example, central government organisations and the devolved administrations in Northern Ireland and Wales. Orders under this section are subject to the affirmative resolution procedure (subsection (8)). 71 Subsection (6) provides that orders under this section can provide that the duty of a person to provide information may be enforced via civil proceedings. In the case of public authorities, normal public law remedies such as judicial review will apply. 72 Subsection (7) enables the Secretary of State to pay those from whom he is requiring information to be provided. Section 10: Notification of changes affecting accuracy of Register 73 This section sets out how changes in circumstances should be notified in order to maintain the accuracy of the Register. 74 Subsection (1) places a person issued with an ID Card under a duty to notify the Secretary of State of any change in his circumstances that may be prescribed, for example, change of address or change of name, and to notify the Secretary of State of every error in the information held about him of which he is aware. This will enable the Register to maintain accurate information. This duty does not apply to those persons whose information is held on the Register, but who have not been issued with an ID card, for example in accordance with section 6(7). The notification procedures are to be set out in regulations (subsection (2)). 75 A person may be required to provide further information to verify the information that may be entered as a consequence of the notification or to ensure that the entry is up to date (subsection (3)). This requirement to provide further information may include personal attendance, being photographed, allowing biometric information to be recorded or otherwise providing information. Again "fingerprint" and "biometric information" are defined in section 42(1). The information that a person may be required to provide by regulations under this section is limited to that which is needed for the Secretary of State for the statutory purposes. 76 Subsection (6) provides that the Secretary of State must make regulations on the first occasion, by means of affirmative resolution requiring approval by both Houses of Parliament. 77 Subsection (7) provides that the maximum penalty for failure to comply with a requirement under this section is a civil penalty of £1,000. Section 11: Invalidity and surrender of ID cards 78 This section covers invalidity and surrender of ID cards. 79 Subsection (1) provides that regulations can impose a requirement that an individual who knows or has reason to suspect the fact that his ID card has been lost, stolen, damaged, destroyed or tampered with, must report this to the Secretary of State or other person as prescribed. If a card was issued based on inaccurate information, requires modification or has been lost, stolen, damaged, destroyed or tampered with, or is of a particular sub-set of cards (for example where security has been compromised), or if the holder of the card's entry has been modified, then the card may be cancelled (subsection (2)). "Damaged" includes becoming unreadable or unusable and "tampered with" includes references to information in or on the card having been modified or copied for an unlawful purpose (subsection (7)). 80 Subsection (3) provides that if a person is in possession of an ID card which does not belong to him, without the authority of the individual to whom the card was issued or permission from the Secretary of State, he must surrender it as soon as practicable. 81 The Secretary of State may require a person to surrender an ID card that is not his, is invalid, is of a sub-set of cards the Secretary of State has determined should be re-issued, or where an individual is in the possession of an ID card in contravention of a requirement under an enactment to surrender it or another document. It may be necessary for example, when renewing an ID card to surrender the old card at the time of re-application. Sub-sets of cards may also need to be surrendered, for example, where the security has been compromised. The card must be surrendered within such period as the Secretary of State may specify (subsection (4)). 82 Failure to surrender in these circumstances would make an individual liable to a civil penalty not exceeding £1,000 (subsection 6). Provision of information from Register for verification purposes etc. Section 12: Provision of information for verification or otherwise with consent 83 This section enables the provision of an identity verification service which operates with the consent of the individual. The service is subject to an accreditation requirement for user organisations. 84 Subsection (1) gives the Secretary of State the power to provide a person with certain information recorded in an entry about an individual provided that the individual concerned consents. Provision of information includes confirming that the information is or is not recorded in his entry (section 42(7)). 85 Subsection (2) provides that only a limited part of the individual's entry on the Register may be provided to a person under this section. This includes information within paragraphs 1, 3 and 4 of Schedule 1, the photograph, signature, information concerning whether the ID card is valid, voluntary information, security questions, the grant/refusal of confirmation that submitted information falling in subsection (3) matches that which is held on the Register and the grant/refusal of confirmation that the individual's entry does not contain information of a particular description within that subsection. The latter might be necessary, for example, to verify the identity of an individual whose biometric could not be recorded at the time of enrolment (e.g. because of a medical condition). This limitation on the information that may be checked means that information falling in other parts of Schedule 1, for example the records of provision of information and validation information, may not be provided to organisations verifying identity under this section, regardless of the consent of the individual concerned. 86 Subsection (2(g)) limits the provision of certain information to a grant or refusal of confirmation that information submitted matches information held on the Register. Subsection (3) lists the information which is subject to that limitation. It includes biometric information (including fingerprint information), passwords, codes, security numbers and security answers. So, subsection (2) does not permit provision of fingerprint data from the Register, but it does permit confirmation that a person's fingerprint matches that which is recorded on his entry on the Register. 87 Subsection (4) enables the Secretary of State to amend by affirmative order subsections (2) and (3), and allows regulations to be made further restricting the information that may be provided under section (2). This could be used, for example, to ensure that particular categories of people do not have certain information about themselves provided to other organisations, for example where it might be sensitive as in the case of the previous names of transsexual people. This power may also be used more broadly to restrict further the information that is provided to specific types of organisations where all the information falling under section 12(2) is not necessary for their verification purposes. Subsection (5) limits the Secretary of State's powers to modify subsections (2) and (3) such that he may not omit subsection (2) or add information falling within paragraph 9 of Schedule 1 to either subsection (2) or (3). 88 Subsection (10) ensures that the restrictions on the provision of data under section 12 do not interfere with rights to be provided with information under other Acts, for example subject access rights under the Data Protection Act 1998. 89 Subsection (6) provides that the Secretary of State may make regulations subject to the negative resolution procedure prescribing how an authority or consent is to be given, the persons who can make an application, in what circumstances an application may be made, and how an application can be made. Subsection (8) enables information to be provided only where regulations under subsection (7)(a) and (b) have been complied with. The Secretary of State must therefore make regulations under subsection (7) to "accredit" organisations before any information can be provided to them from the Register. 90 This section therefore requires an accreditation scheme to be established so that only those organisations that have been approved will be able to make checks on the ID cards of individuals who have consented to verification checks against the Register. The accreditation regulations will include a requirement that to be provided with information from the Register, an applicant must have registered certain details with the Secretary of State, and furthermore that the person and the applicant for information must have been approved by the Secretary of State. The regulations may also require that the equipment being used is accredited with the Secretary of State (subsection (7)). 91 Section 40(7) sets out in more detail what regulations for the approval of a person or of apparatus might include. Required identity checks Section 13: Power to make public services conditional on identity checks 92 Identity Cards - the next steps (Cm 6020) sets out two objectives for the use of ID cards in relation to public services. These were to simplify checks on eligibility for services and to reduce fraudulent use of services. This section provides a power to make, on a case by case basis, a link between the ID cards scheme and the provision of public services. This power will only be used where power does not exist elsewhere, for example in social security legislation. Section 42(2) defines what is meant by the provision of a public service. 93 Subsection (1) provides a power to make regulations which allow or require a person who provides a public service to make it a condition of providing the service that an individual produces an ID card and/or other evidence of his registrable facts. This will give service providers flexibility in deciding what proof of identity is the most appropriate in the particular circumstances and what level of identity check is necessary. The ID card on its own may suffice. Alternatively, someone's identity could be checked against the Register, using for example a biometric, when the card is not present. 94 Subsection (2) ensures that regulations made under subsection (1) cannot make it a requirement to produce an ID card or information which can be verified against the National Identity Register in order to receive payments provided under legislation or any service provided free of charge before it is compulsory for that individual to register. This means that an order under section 13 cannot make it a requirement for a person to produce a card, for example to receive social security benefits or free NHS treatment, until it is compulsory for that person to be registered. As noted above, compulsory registration means an obligation to register imposed under future primary legislation. 95 Subsection (3) specifically excludes the possibility of an order under section 13 making the carrying of cards compulsory. This includes both the carrying of a card and its production on demand other than for the purposes of an application for a public service. 96 Section 43(2) provides that the powers under this section do not extend to public services provided in Scotland that are within the legislative competence of the Scottish Parliament. If the Scottish Parliament wishes to make production of a card a condition of the provision of those services, it would first have to pass its own Act. Section 14: Procedures for regulations under s. 13 97 This section sets out the procedure for making regulations under section 13, including in relation to devolved administrations. 98 Subsection (1) sets out who may make regulations under section 13. Where the provision of public services is the responsibility of the National Assembly for Wales, only the Assembly may make regulations under section 13. In Northern Ireland, the power to make regulations under section 13 in relation to the provision of Northern Irish public services is exercisable by such Northern Ireland department as may be designated for that purpose by order made by the Office of the First Minister and deputy First Minister. Where this power is not exercisable by the National Assembly for Wales or a Northern Ireland Department, the Secretary of State may make regulations. 99 Subsection (2) states that the 'provision of Welsh public services' means the provision of public services in Wales to the extent that such provision is something which the National Assembly for Wales has functions. And the provision of Northern Ireland public services means the provision of public services in Northern Ireland to the extent that it is a transferred matter. 100 Regulations made under section 13 must be approved by a resolution in both Houses of Parliament in the case of regulations made by the Secretary of State; and in the case of regulations in Northern Ireland, they must be laid before and approved by the Northern Ireland Assembly (subsection (3)). 101 Under subsection (4), before any regulations are made there must be steps taken for ensuring that members of the public likely to be affected are informed and consulted on the proposal. Subsection (5) provides that this must include the reasons for the proposal and why existing provisions under legislation governing the particular service are not sufficient to create the necessary link; i.e. why the section 13 power is being relied on. 102 Subsection (6) requires there to be consultation with interested parties, for example the providers of a public service, before any regulations are made under section 13 if there is an equivalent requirement in other legislation governing that service to consult these interested parties. Section 15: Power to provide for checks on the Register 103 This section provides a power to the Secretary of State to enable checks to be made of information recorded in the Register by people providing public services. It also gives the Secretary of State the power to regulate identity checks, including an accreditation scheme for user organisations and the equipment they are using. 104 Subsection (1) enables the Secretary of State to make regulations allowing the provision of information to a person providing a public service for which regulations under section 13 have been made or in respect of which any other legislation makes it a condition to produce an ID card or any other evidence of registrable facts recorded on the Register. This must be for the purposes of ascertaining or verifying information about an individual applying for the public service. 105 Subsection (2) limits the Regulation making power such that information falling under paragraph 9 of Schedule 1 (audit log information) may not be provided under this section. 106 Subsection (3) provides that regulations may specify the manner in which applications for checks on the Register are to be made, the persons by whom and the circumstances in which the application may be made, the information that may be provided and how it may be provided. 107 Subsections (4) and (5) read together have the effect that the provision of information under this section may only take place where the Secretary of State has made regulations requiring accreditation, and the applicant for information has satisfied the requirements of those regulations. Section 40(7) sets out in more detail what regulations for the approval of a person or of apparatus may include. 108 The regulations are subject to the affirmative resolution procedure (Subsection (6)). Before any draft regulations are laid before Parliament, the Secretary of State must take steps to ensure that members of the public in the United Kingdom are informed and consulted on any proposals (Subsection (7)). 109 Subsection (8) ensures that "enactment" for the purposes of this section includes an Act of the Scottish Parliament. This means that if a Scottish Act were to make it a condition of providing a service that an ID Card or evidence of registrable facts be produced, the Scottish service provider could apply for a check against the Register. Section 16: Prohibition on requirements to produce identity cards 110 This section places prohibitions on requiring people to produce ID cards or information from their entries on the Register. It is designed to prevent 'backdoor' compulsion by ensuring that organisations only place requirements on people in relation to ID Cards, to the extent that that is permitted by this or other legislation. 111 Subsection (1) makes it unlawful to make it a condition of doing anything in relation to a person, e.g. providing him with a service, that that person:
There are no exceptions to these prohibitions. 112 Subsection (2) makes it unlawful (subject to the exceptions in subsection (3)) to make it a condition of doing anything in relation to a person, that that person:
113 Three exceptions to the subsection (2) prohibitions are set out in subsection (3). The first exception is where the relevant condition has been imposed in accordance with regulations made under section 13 (power to make public services conditional on identity checks) or in accordance with provisions of another enactment. The second exception is where the organisation allows for reasonable alternative methods of proving identity, i.e. the requirement is not truly conditional. The third is where the individual concerned is subject to compulsory registration by virtue of future primary legislation. 114 Subsection (4) makes clear that the prohibitions in this section may be enforced by the individual in the civil courts. 115 Subsection (5) ensures that Acts of the Scottish Parliament are included in the definition of an enactment within this section. Therefore, if the Scottish Parliament decided to pass legislation making the provision of a public service conditional on the production of an ID card, by virtue of subsection (3)(a) that requirement would be exempted from the scope of the prohibitions in subsection (2). Other purposes for which registered information can be provided Section 17: Public authorities etc. 116 This section gives a power to provide information held on the Register to certain persons for specified purposes without the consent of the registered person. Subsection (1) allows for this provision so long as it is authorised by this section and complies with section 21 (which sets out the rules for using information without an individual's consent). 117 Subsection (2) provides that information may be provided without the consent of the individual, to specified national security and intelligence agencies for purposes connected with any of their functions. For example, the Security Service would be able to be provided with information for purposes connected with the protection of national security, the support of law enforcement agencies in the prevention and detection of serious crime and to safeguard the economic well-being of the United Kingdom, which are their statutory functions as set out in the Security Services Act 1989. 118 Subsection (3) provides a power to provide information apart from that specified within paragraph 9 of Schedule 1 (the audit log) to a chief officer of police, in the interests of national security, for the prevention or detection of crime or for other purposes as may be specified by order. Paragraph 9 of Schedule 1 (the audit log) records the details of each occasion on which there has been provision of information from a person's Register entry, as opposed to "static" information held on the Register, such as place and date of birth. 119 A similar power is provided in subsection (4) for the provision of information without consent (except audit log information) to the Commissioners of Her Majesty's Revenue & Customs, in the interests of national security, for the purposes of prevention and detection of crime, for functions relating to national insurance contributions and for the other purposes connected with the Commissioners set out in subsection (4). 120 Where information does not fall within paragraph 9 of Schedule 1 (i.e. it is not audit log information), provision of that information is permitted if it is made to a prescribed government department or a Northern Ireland department in order to carry out prescribed functions of that department or of the Minister in charge of that department (subsection (5)). Regulations could therefore be made permitting the provision of information without consent to other parts of government or Northern Ireland departments, e.g. to the Department for Work and Pensions for investigation of social security fraud, or to the Department for Social Development in Northern Ireland in connection with social security benefits or national insurance numbers. Regulations allowing information to be provided under this power will be subject to the affirmative resolution procedure (subsection (8)). 121 Subsection (6) sets out the purposes for which information may be provided without consent to a designated documents authority that issues documents designated under section 4. 122 Subsection (7) limits the Secretary of State's powers to authorise provision of information by subordinate legislation under this section to circumstances where provision is necessary in the public interest, as defined in section 1(4). 123 Subsection (9) defines terms used in section 17, in particular exactly who is covered by the term "chief officer of police". 124 "Crime" is defined in section 42(1) with reference to the Regulation of Investigatory Powers Act 2000 which defines "crime" as "conduct which constitutes one or more criminal offences or is, or corresponds to, any conduct which, if it all took place in any one part of the United Kingdom would constitute one or more criminal offences". 125 "Detection" is defined in section 42(1) and (9) with reference to the Regulation of Investigatory Powers Act 2000 which defines "detecting crime" as including "(a) establishing by whom, for what purpose, by what means and generally in what circumstances any crime was committed; and (b) the apprehension of the person by whom any crime was committed". 126 Subsection (10) ensures that this section does not restrict any powers existing elsewhere to disclose information. |
 | |
| Other Explanatory Notes | Home | Her Majesty's Stationery Office | |
| We welcome your comments on this site | © Crown Copyright 2006 | Prepared: 2 May 2006 |