How will my privacy and confidentiality be protected?
The City is wholly committed to protecting the privacy of IDNYC applicants and cardholders. As required by Local Law 35 (the legislation that created the IDNYC program), the City will protect the confidentiality of all IDNYC applicants to the maximum extent allowed by applicable federal and state law. In addition, in November 2014, Commissioner Banks of the Human Resources Administration issued several executive orders that address how confidential information in the IDNYC program will be handled and stored. These orders were the product of a joint working group that was focused on addressing community feedback on privacy. The orders mandate high levels of protection for IDNYC data and stringent processes for dealing with requests for IDNYC cardholder information.
What will happen to the documents I submit to get my IDNYC card?
Effective immediately (12/7/2016), the City has put into place a policy in which it will not hold any underlying identity or residency documents in support of an application. All of the comprehensive security & integrity processes that are hallmarks of IDNYC remain in place.
Do I need to provide information about my immigration status to get an IDNYC card?
No. The City will not ask IDNYC applicants for information about their immigration status. Where applicants provide the City with information that relates to their citizenship or immigration status, this information will be confidential and handled in accordance with IDNYC protocol and all applicable laws, including Executive Orders 34 and 41.
How will my information be stored?
The program’s data storage and security protocols were designed in close collaboration with the New York City Department of Information Technology and Telecommunications (DoITT) and the Human Resources Administration’s information technology unit to minimize the risk of unauthorized access, use and disclosure of applicants’ personal information. Storage of IDNYC data will be in accordance with robust city-wide standards set by DoITT for the handling of confidential information .All data about IDNYC applicants and cardholders will be maintained on encrypted databases and servers. All transitions will be encrypted.
Who will have access to my information?
Only trained and authorized IDNYC staff and HRA staff directly involved in the administration of the program will have access to the IDNYC program databases. Staff will have the lowest level of access necessary to perform their jobs. Access to IDNYC database and servers will be tracked through audit logs for accountability. In the event of a data breach involving applicants’ personal data, HRA will quickly notify impacted individuals. Improper use or disclosure may result in disciplinary action and referral for prosecution.
It is important to note that the IDNYC database cannot be integrated or linked to any law enforcement databases. In fact, the legislation that created the program explicitly prevents IDNYC from sharing any applicant or cardholder data unless so ordered by a judicial warrant or judicial subpoena.
Under what circumstances might the City share my information?
HRA and IDNYC are committed to protecting the privacy of applicant data to the fullest extent permissible under the law. All requests for applicant information will be referred to and handled by attorneys in HRA’s Office of Legal Affairs. MOIA will be consulted where appropriated. No disclosure of applicants’ personally identifying information will be permitted unless approved in writing by HRA’s General Counsel and Commissioner.
When requests or demands for applicant information is made, HRA will make reasonable efforts to provide notification in writing to the affected individuals, at the time the request is made, unless such notice would be unlawful or contrary to public policy. HRA will provide notice to individuals if their information has been requested by immigration authorities in the context of a civil immigration investigation, except where doing so would be unlawful.
HRA will redact information unrelated to the purpose of a request, if ascertainable, to the extent appropriate and permissible under the law.
What about requests from law enforcement and/or immigration authorities?
All requests for IDNYC data, including requests from local, state, federal law enforcement entities, will be handled according to the protocol for third-party requests described above. In addition, under the local legislation for the IDNYC program, local law enforcement officials must provide a judicial warrant or judicial subpoena to obtain applicant information. This means a judge must have approved the request for information.
Why is IDNYC using facial recognition technology?
The IDNYC program uses duplicate image search software (known as facial recognition technology) to protect against fraud and identity theft. Only the IDNYC database – and no others – will be searched with this software. Applicant photos, taken at the enrollment site, will be screened by specially trained program integrity specialists to verify that an applicant is not seeking multiple cards or trying to obtain a card under a different name.
For additional security, applicant photos are stored separately from other applicant data. The photo database is also separately maintained and not integrated with any other biometric databases maintained by the City, state, or federal authorities. Finally, law enforcement agencies do not have direct access to the photo database or any other IDNYC database.
What protections are there to prevent fraud and identity theft?
HRA and the IDNYC program are committed to ensuring program integrity and preventing abuse of the IDNYC card. The program has a robust, multi-step fraud-prevention protocol that was developed in close collaboration with HRA’s integrity and fraud prevention unit, the NYPD’s Intelligence Division, DoITT, and in consultation with the NYS DMV and the American Association of Motor Vehicle Administrators.
In addition, the program has a dedicated team responsible for program integrity, led by a Program Integrity Director who reports to the Executive Director. It has also contracted with leading national vendors for card enrollment and card printing who bring a breadth of fraud protection experience to the work.