Just one card

Rachael U. Yap Tax Senior Consultant, PwC Philippines 09 January, 2019

How many identification cards do you have? Which of those are accepted as proof of your identity by the government or private entities? With the advent of the Philippine Identification System (PhilSys), soon you will only need to present one identification card. But what is PhilSys?

Under Republic Act No. 11055, or the Philippine Identification System Act, PhilSys is the government’s central identification platform for all Filipino citizens and resident aliens in the Philippines. It aims to provide a single document as valid proof of identity, thus simplifying public and private transactions by eliminating the need to present other forms of identification.

The Philippine Statistics Authority (PSA) is the primary implementing agency of PhilSys, responsible for the overall planning, management and administration of the PhilSys. As such, it is required to ensure the security and integrity of the PhilSys with the assistance of the Department of Information and Communications Technology.

Every citizen or resident alien shall personally register under the PhilSys one year after the effectivity of the Act (i.e., on Aug. 25, 2019).

Registered persons will be given a randomly generated, unique, and permanent identification number called PhilSys Number (PSN). The PSN will be assigned upon birth or upon registration.

To secure an identification card, demographic and biometric information is to be collected from every citizen and resident alien during registration. Demographic data to be collected include the individual’s full name, gender, date of birth, place of birth, blood type, and place of residence.

Every citizen or resident alien shall personally register under the PhilSys one year after the effectivity of the Act (i.e., on Aug. 25, 2019).

On the other hand, biometric information to be collected are a front-facing photograph, a full set of fingerprints, and an iris scan.

In case of minors below five years of age, only the demographic and front-facing photograph shall be collected. For those aged five to fourteen years, biometric information shall be initially captured and recaptured at age fifteen. In both cases, their PSN shall be linked to that of their parents or guardian.

Thereafter, a nontransferable PhilID shall be issued to the registrant. On its face, the relevant information pertaining to the registrant’s identity shall be reflected on the PhilID, as follows: PSN, full name, gender, date of brith, place of birth, blood type, resident address, marital status (optional), and a front-facing photograph of the registered person. It shall also contain a QR code which contains any two fingerprints.

The PhilID shall serve as the official government-issued identification document of cardholders in dealing with all national government agencies, local government units, government-owned and controlled corporations, government financial institutions, and all private sector entities.

While presentation of the PhilID or PSN shall be sufficient to establish identity in transacting business with the government and private entities, the information is still subject to authentication. Under the system, there are two modes of authentication: online and offline.

For online authentication, the PSN and the biometric information will be used to validate the identity of the registered person. For offline authentication, validation of identity shall be thru presentation of the PhilID, matching of fingerprints as stored in the QR code, and encoding of a one-time password.

In compliance with the data privacy law, any requesting entity needs to secure the consent of the registered person before collecting identity information. The registered person should be advised of the nature of the information that will be shared upon authentication and the purpose for which the information received during authentication will be used by the requesting entity. Moreover, a data sharing agreement is required between the requesting entity and the PSA as a prerequisite to the release of data. Only upon compliance with the foregoing conditions can the registered person’s personal data be provided for the purposes for which it has been requested and will be used.

All information collected shall be stored in a repository called PhilSys registry. It shall store the PSN, the registered records, and information of all registered persons in the PhilSys. The registered records shall pertain to electronic copies of completed application forms and supporting documents submitted during registration.

A registered person’s record in the PhilSys shall be considered official and sufficient proof of identity. It shall not, however, be understood as proof of eligibility to avail of certain benefits and services, nor shall it be an incontrovertible proof of citizenship.

While the implementation of a unified identification system hopes to simplify public and private transactions, there are apprehensions on the capability of the public system to secure the privacy of personal data against cyber-attacks, in the wake of the COMELEC fiasco of 2004. To counter the threat, PSA will need to tighten its PhilSys security measures against unauthorized leakage of personal data. On the part of the cardholder, it is prudent to safeguard personal information reflected on the face of the PhilID and to use the ID only in official or secured transactions. More importantly, the public will need to be educated on data privacy and the safety measures against data compromise. Otherwise, having just one card may mean swift misfortune rather than an efficient transaction.

 

The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of Isla Lipana & Co. The content is for general information purposes only, and should not be used as a substitute for specific advice.

 

Contact us

Lyn Golez-Geronan

Lyn Golez-Geronan

Tax Librarian, PwC Philippines

Tel: +63 (2) 8845 2728