It is the mandate of the government to provide services to her people. Efficient delivery of services is backed by data driven. It is for this cause why the government is launching the National Integrated Identity Management System (NIIMS) and issuing the Huduma Namba. Sadly, there have been misconstruction of the character and legal status of NIIMS with certain quarters. This blog post provides a clarification and sets out the legal context.
- It is the mandate of the government to provide services to her people. Efficient delivery of services is backed by data driven. It is for this cause why the government is launching the National Integrated Identity Management System (NIIMS) and issuing Huduma to every resident person. Sadly, there have been misconstruction of the character and legal status of NIIMS with certain quarters. This blog post provides a clarification and sets out the legal context.
- The Kenyan government has been collecting personal data of citizens for over 100 years now. However, this collection has been in manual form and has lagged behind innovations in technology.
- Equally, there has been some notable inefficiency. The country maintains multiple registration systems under independent Acts of Parliament without minimal linkage. The foundational identity systems, those intended to provide clarity on identity, and functional identity system, being the registrations intended to ensure one accesses services, and not linked.
- Government agencies collect information from individuals but without any unique biometric identifiers thereby risking the accuracy of such information. In some cases, some of the information collected by the different agencies is different but relating to the same individual leading to unnecessary loss of time both for the person from whom the information is collected as well as for the government agencies collecting the information.
- Personal data is often incomplete, with inefficient coordination and linkage of registration agencies. There has been numerous cases of identity fraud; and Storage of information in physical documents limited communication and capacity to share the collected information amongst others. Such untidy system is not tenable.
JOURNEY TO NIIMS
- On 19th September, 2005, the Head of Public Service appointed an Inter-Ministerial Taskforce on Integration of Population Register Systems (IPRS) in line with the National Economic and Social Council (NESC) recommendation on the fast tracking of the integration of the registration systems. The Taskforce made several recommendations including:
- Introduction of a unique national number – Personal Identity Number (PIN) for all individuals resident in the country. That the number be assigned at birth for all residents and serve as the control number for all registration systems.
- Establishment of a National Population Register, containing information of all residents and serve as a central reference for all population registration systems.
- A central database be established to facilitate operations of the National Population Register;
- Development of nationwide ICT infrastructure backbone to link government agencies for purpose of information sharing and verification.
- The recommendations of this taskforce formed the basis for the formation of the Integrated Population Register System (IPRS) to serve as the single source of truth for the population data in the country.
- Sadly, although IPRS was a good step towards integration of population data, it was limited in capacity since it only consolidated data from primary population registration agencies, these being Civil Registration Department (CRD), National Registration Bureau (NRB) and Department of Immigration Services (DIS), which are established by different legal regimes. Further, IPRS did not seek to validate the information received from primary agencies by getting information from the source, namely, the Kenyans.
SHORTCOMINGS OF IPRS
- Hence, despite the encouraging steps made under IPRS, there were fundamental challenges that remained unresolved. These include an individual’s data was still being collected by multiple government agencies and this resulted in continued wastage and inefficiency.
- In some cases, despite data being integrated into IPRS contained inaccuracies. This demonstrated the need to collect personal information from the source again.
- It has been noted in some cases that information relating to children was not being captured comprehensively at birth. For example, in 2017, the Civil Registration Service registered 61% of births after details were to enroll for exams. It has been the ambition of the government to attain 100% registration of births by, among others, employing suitable technology.
- Unfortunately, IPRS failed to constitute a master register which could be regarded as “a single source of truth” as it relied on information from multiple sources some of which would conflict. For example, it was not uncommon for the same person to have a different name in a passport, in the National Identification Card and birth certificate. Such issues dilute the credibility of national registration systems.
- Further, the multiple registrations issued several identity documents. Kenyans were then compelled to obtain, keep and move around with multiple identification documents such as Identity Cards, Passports, Driving Licences, NSSF and NHIF cards, inconveniencing them. The question has been, why not have only one card? Or should one even have a card, where just a number can suffice?
- The Government took up the challenge. In order to improve and build upon the progress made by IPRS, the Government initiated NIIMS programme under Executive Order No. 1 of 2018. NIIMS was subsequently approved by the National Assembly vide the Statute (Miscellaneous Amendment) Act, No 19 of 2018.
THE BLISS OF NIIMS PARADISE
- The purpose of NIIMS project is to create and manage a central master population database, which will be the ‘single source of truth’ on a person’s identity since it will contain information of all Kenyan citizens and foreign nationals residing in Kenya and will serve as a reference point for personal data for Ministries, Departments and Agencies (MDAs) and other approved stakeholders.
- The main objectives of NIIMS are to:
- Undertake national biometric registration of all citizens and foreign nationals residing in Kenya;
- Issue a unique identification number referred as Huduma Namba to all the registrants and a multipurpose card referred as Huduma card;
- Collate, store, integrate, harmonize and facilitate sharing of population data from nearly all databases aforementioned; and
- Provide a single source of truth (one-stop-shop) on persons’ identity data for citizens and foreign nationals residing in Kenya.
- Therefore, NIIMS would ensure availability of accurate, reliable, and comprehensive population registration database. The harmonized nature of NIIMS will make it easier for security agencies to quickly access relevant information about potential threats without having to approach numerous and independent databases for full identification thereof. This will help in solving crimes such as terrorism, murders, robberies, rape and theft;
- NIIMS enables easy verification, validation and authentication of primary data of every individual. It ensures availability of accurate population data will facilitate adequate planning and enable service delivery to Kenyans.
- NIIMS provides mechanism to government agencies for convenient and timely access to information held by primary registration agencies by computer linkages to enable informed decision making. It ensures standardization and streamlining of relevant government processes.
- NIIMS’ use of technology will help spread coverage of registration services to all areas of Kenya. NIIMS will minimize cases of identity theft. NIIMS will provide confidence and assurance in financial transactions due to the overall verifiability of personal information provided during any transaction.
DATA PROTECTION CONCERNS
- Concerns have been raised on the adequacy of data protection on NIIMS. These fears are misplaced. There already exist adequate data protection in the current legislations and these includes:
- The Registration of Persons Act, Cap.107, which created NIIMS, prohibits in Section 14 (1) (k) (l) and (m) anyone from publishing or communicating any data that is acquired in the course of employment other than for allowed official purposes. It also prohibits any third party from possessing any personal data derived from the registration processes.
- Kenya Information Communication Act,1998, provides in Part VIA adequate cyber security for a system such as NIIMS. Section 83Q provides that the Cabinet Secretary can gazette protected systems such as NIIMS and provides a fine not exceeding ten million shillings or to imprisonment for a term of ten years or to both to anyone who secures unauthorized access or attempts to secure unauthorized access to a protected system.
- The Access to Information Act, 2016, provides in section 6 (1) for protection of personal data and the right to privacy and provides in section 28 for a heavy fine of one million shillings, an imprisonment of not more than three years or both for knowingly disclosing exempt information as defined in section 6.
- The Computer Misuse and Cybercrime Act provide penalties for the misuse of computer systems such as NIIMS.
- The Data Protection Bill, 2019 (government draft), which was recently tabled in the National Assembly has not been passed by parliament, the legal framework in place is sufficient to protect personal data of the citizens. Again, the Data Protection Bill, 2019, which this Commission spearhead the its drafting, only consolidates data protection principles and establishes institutional framework. There is no data protection gap.
HOW TO REGISTER
- NIIMS involves registration of all Kenyans both locally and abroad and also all foreign nationals who live in Kenya. Upon registration, the enrolled persons will be issued with a unique identification number referred as Huduma Namba and later a multi-purpose card referred as Huduma card, which will substitute the current inefficient identity cards.
- The Huduma Namba,being a unique identification number will be used to identify all persons in the country and thus will be used while accessing government services and identification both by government and the private sector. It will waive the need for issuance of multiple registrations of the same person and will be used from cradle to death.
NIIMS will be the single source of foundational data about a person and all government agencies will tap into it. The Huduma card will contain the integrated personal and foundational data of the card holder.