News in Brief
Major Backlog of Driving Licences in South Africa
South Africa’s Department of Transport (DoT) announced that the country’s only driving licence card personalisation machine is back up and running after breaking down last month.
The DoT has updated the public that the driving licence card production machine is back in full production. This follows the department’s statement in May that the machine was taken out of production for three weeks in order to replace a broken part identified during routine maintenance.
The testing of the machine after the part replacement took another two weeks before it was certified to go back to full production. This will see an increase in production from the 60,000 cards produced over the past three weeks during the testing period to about 120,000 cards per week. The machine has printed an average 2.85 million cards per annum in the past two financial years. Since its commissioning in 1998 it has printed over 60 million driving licence cards.
The backlog is currently at 350,000 cards for the past five weeks. There is currently a catch-up plan to address the backlog, which will be cleared by end of August 2023.
The DoT is currently working to introduce a new driving licence card as approved by the country’s Cabinet in August 2022. The new card will be launched before the end of the current financial year. It will also bring with it new card production machines to replace the existing machines.
Survey Finds Citizens Expect Better Digital Identity Services
Entrust, a global provider of trusted identity, payments and data, has released results of a new multinational survey on Government-to-Citizen (G2C) interactions. The survey of more than 3,500 citizens across six countries (US, Australia, Canada, France, Germany and UK) offers insights into the state of the interactions between governments and their citizens.
As people become more accustomed to the convenience and speed of eCommerce interactions, they expect to see the same level of ease in all aspects of their lives – including when interacting with their governments. The majority of survey respondents (57%) said they prefer to conduct more of their interactions digitally, including access to government web portals (39%) and mobile applications (18%).
The survey found respondents have three key requirements from their government interactions above all else:
Convenience (55%): citizens want to be served when and where they need it and without having to wait too long.
Secure, easy methods of identity verification (53%): interactions should fit a consumer’s individual preferences, whether they prefer to verify their identity via digital biometrics or in person.
Data privacy (49%): as cyberattacks continue to escalate in both the public and private sectors, citizens want to be assured that their data is secure.
In a previous Entrust survey of 1,450 citizens across 12 countries, seven out of 10 respondents said they would likely use a digital form of government-issued ID if one were available, citing improved convenience as the primary reason. Integrating digital identities into a government’s existing physical identity credential program can enable improved eGovernment service delivery so no citizen is left behind.
WEF Publishes Digital ID Report
The ‘Reimagining Digital ID’ report from the World Economic Forum (WEF) lays out a series of recommendations for government officials, regulators and executives, defining risks such as data exploitation, political and technical risks.
One of the risks highlighted in the report is the possibility of personal data that is stored centrally being abused for marketing purposes.
‘Sensitive data, such as biometrics, carry a high risk of exploitation,’ says the report. ‘This is especially concerning in the case of marginalised communities such as refugees because it can facilitate discriminatory targeting.’
The best policy, the report notes, is to not collect highly sensitive data such as ethnic affiliation at all, as these are likely contributors to marginalisation or oppression.
The technical and policy analysis offers an overview of decentralised ID standards and proposals such as Verifiable Credentials (VCs), decentralised identifiers (DID), zero-knowledge proofs (ZKPs), soulbound tokens (SBTs). It also lists possible reasons why decentralised ID has not yet been widely adopted, along with case studies.
The report was authored by a group of contributors led by Aiden Slavin, lead of WEF’s Crypto Impact and Sustainability Accelerator. It was supported by a working group chaired by ID2020 Head of Advocacy and Communications, and some of the working group members acknowledged include DIACC’s Joni Brennan, Privacy International Senior Research Officer Tom Fisher and ID2020 founder Dakota Gruener.
The report comes shortly after WEF’s Digital Identity Initiative discussion on an international policy and standards framework that recommended using blockchain technology in building privacy-preserving digital ID infrastructure.
Company Sued for Failing to Prevent Theft of Identity Data
Onix Group, a Pennsylvania-based provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the health and personally identifiable information of 320,000 individuals.
The ransomware attack was detected by Onix Group on 27 March. The forensic investigation confirmed that hackers had access to its internal network between 20–27 March, during which time they exfiltrated files that contained employee, affiliate, and client information. The breached information included names, dates of birth, clinical information, and the social security numbers of patients of its healthcare clients, and the health plan enrolment and direct deposit information of employees.
The lawsuit, Eric Meyers v. Onix Group LLC, alleges negligence, negligence per se, breach of implied contract, breach of fiduciary duty, and unjust enrichment. It claims that Onix had a legal obligation to implement reasonable and appropriate safeguards to ensure the confidentiality of the data it stored, but instead stored the information in a vulnerable and dangerous condition, then unnecessarily delayed notifications to affected individuals for two months.
The lawsuit seeks class action status, a jury trial, damages, and injunctive relief, including an order from the court prohibiting Onix Group from engaging in wrongful and unlawful acts and requiring it to implement adequate cybersecurity measures.
Those measures include the development, implementation, and maintenance of a comprehensive information security program, data encryption, third-party security audits and penetration tests, further information security training for all employees including tests of their security knowledge, updates to its data retention policies, and for the company to stop storing personally identifiable information and protected health information in cloud databases.
Subscriber content
Read the full article
Full access to ID & Secure Document News articles, newsletters and archives.