Advanced Search

Order Pre-3949/2006, Of 26 December, Which Establishes The Configuration, Features, Requirements And Procedures For Access To The Data System Of Verification Of Identity.

Original Language Title: Orden PRE/3949/2006, de 26 de diciembre, por la que se establece la configuración, características, requisitos y procedimientos de acceso al Sistema de Verificación de Datos de Identidad.

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

TEXT

Currently, in most of the citizens ' relations with the Administration, they must present a photocopy of their identity card, either their identity card, whether it is a Spanish citizen or their equivalent card for the Case of foreigners residing in Spanish territory.

It is estimated that the number of photocopies of documents proving the identity of a citizen filed annually in administrative proceedings amounts to more than four million.

On 28 April 2006, the Council of Ministers approved Royal Decree 522/2006 of 28 April 2006, which abolished the provision of photocopies of identity documents in the administrative procedures of the administration. General of the State and its related or dependent public bodies.

The objectives of such a standard are, on the one hand, to abolish the obligation to present photocopies of the identity documents in all administrative formalities, and this photocopy can be replaced in those This is the case where the constancy of the data is essential, by a telematic consultation to the Directorate-General of the Police and the Civil Guard in a direct or deferred form; and, on the other hand, to provide greater security to the current method of verification of the identity of a citizen, since it is easier to manipulate a photocopy than to supplant the identity of the system for verifying identity data based on information preserved by the Directorate-General of the Police and the Civil Guard.

As of the implementation of this system, it is the department itself that is asked to take the task of checking, of its own initiative, the identity of the person concerned. This consultation shall be carried out in cases where it is strictly necessary and after obtaining the consent of the person concerned. The consultation will be carried out with maximum security guarantees and preserving the privacy of the data. If the person concerned does not consent to such consultation, he/she shall provide his/her corresponding photocopy of the National Identity Document.

The purpose of this Ministerial Order is to comply with the mandate contained in the first provision of the Royal Decree 522/2006 of 28 April 2006, pursuant to which the establishment of the configuration, characteristics, requirements and procedures for access to the Identity Data Verification System, as well as the date on which such a system will be fully operational, will be carried out in order, on a joint proposal from the Ministers of the Interior and Public Administrations.

To this end, consideration has been given to previous experiences, technical implications, the search for rationality and simplicity of use and the exploitation of the advantages of economies of scale.

In its virtue, prior to respective favorable reports of the Superior Council of Electronic Administration and the Agency for Data Protection, on the proposal of the Ministers of the Interior and of Public Administrations, I have:

First.

The Technical Regulation of the Identity Data Verification System, which is annexed to this Ministerial Order, is approved as an instrument that establishes the configuration, characteristics, requirements and procedures access to the aforementioned System.

Second.

Is set as the date of operation of the Identity Data Verification System on January 1, 2007, from which it may not be required by the General Administration of the State or by the linked Agencies or dependent on the contribution of photocopies of the National Identity Document or of the documents proving the identity of foreigners resident in Spain or equivalent card, except in the cases provided for in the Royal Decree 522/2006 of 28 April 2006.

Third.

This Ministerial Order is approved in accordance with the provisions of the final provision of Royal Decree 522/2006 of 28 April 2006, which suppresses the provision of photocopies of identity documents in the administrative procedures of the General Administration of the State and its related or dependent public bodies. The provisions of this Ministerial Order shall be applied in any event in accordance with the provisions of the Organic Law 15/1999 of 13 December on the Protection of Personal Data and other applicable regulations in this field.

Final disposition first. Application and development.

1. By Resolution of the General Secretariat for Public Administration of the Ministry of Public Administrations, with the agreement of the Ministry of the Interior and prior report of the Superior Council of Electronic Administration, they will be established the quality parameters of the service delivery of the Identity Data Verification System and of compliance with the requirements and conditions set out in this Ministerial Order. For these purposes, the Ministry of Public Administration shall establish instruments for the validation and monitoring of compliance with the provisions of the previous paragraph, without prejudice to the powers of the Internal Control Bodies.

2. By Resolution of the General Secretariat for Public Administration of the Ministry of Public Administrations, with the agreement of the Ministry of the Interior and prior report of the Superior Council of Electronic Administration, it will be possible to proceed the updating or amendment of the Technical Regulation which is approved by this Ministerial Order.

3. The Deputy Secretaries of the Ministerial Departments, the Presidents of the Public Bodies or the relevant ministerial officials shall be empowered to adopt the appropriate instructions or measures to ensure that the access and use of the Identity Data Verification System by the organs and units corresponding to its scope.

Final disposition second. Entry into force.

This Ministerial Order shall enter into force on the day following that of its publication in the "Official State Gazette".

Madrid, December 26, 2006. -First Vice-President of the Government and Minister of the Presidency, María Teresa Fernández de la Vega Sanz.

ANNEX

Identity Data Verification System Technical Regulation

First. Description of the Identity Data Verification System.

The Identity Data Verification System made available to the Departments and Agencies of the General Administration of the State by the Ministry of Public Administration is established as a service horizontal for the consultation and verification of the data of the Document of Identification of the Citizen guarded by the Directorate General of the Police and the Civil Guard, based on the provisions of the Organic Law 2/1986, of 13 March, of Forces and Security Corps, which attributes to the National Police Corps, the function of issuing the document National of Identity and control of the entry and exit of the national territory of Spaniards and foreigners. Information that is registered and protected in the files of the Directorate General of the Police and the Civil Guard, which support the management of the national identity card and the Foreign Identification Card (His Names, in accordance with Orders INT/1751/2002 of 20 June 2006 and INT/2190/2006 of 19 June 2006 are ADDNIFIL and ADEXTTRA respectively).

Second. Adoption of security, organizational, or technical measures of the organizations and applications that access the Identity Data Verification System.

1. In general, the bodies that access the Identity Data Verification System will comply with the security, conservation and standardization measures that are detailed in the Security, Standardisation and Conservation Criteria. applications used for the exercise of powers approved by the Higher Council of Electronic Administration by Resolution of 26 May 2003 and subsequent revisions.

2. The extent and intensity of the implementation of the safety, conservation and standardisation measures shall be determined by the outcome of the risk analysis and risk management carried out, recommending to these effects the use of the Analysis and Risk Management of Information Systems (MAGERIT) of the Superior Council of Electronic Administration.

3. The provisions of this Ministerial Order will be applied in accordance with the provisions of the Organic Law 15/1999 of 13 December, the Protection of Personal Data and the Regulations on Security Measures of the Automated Files of personal data approved by Royal Decree 994/1999 of 11 June.

Third. Access to the Identity Data Verification System.

1. Access to the Identity Data Verification System will be done through the System of Applications and Networks for Public Administrations, following the connection scheme established for any public body. Only in duly justified cases and after approval by the Secretariat of the Higher Council of Electronic Administration of a plan for the management of communications will be temporarily enabled alternatives.

2. The Identity Data Verification System will present two alternative ways of accessing the corresponding queries on the veracity of certain identity data:

An interface accessible through an Internet browser, according to RFC 2616: Hypertext Transfer Protocol-HTTP/1.1 of the IETF, where a public employee, duly accredited and identified, may perform queries with only one browser with access to the System of Applications and Networks for Public Administrations and electronic signature.

An automated web service interface, conforming to the W3C WSDL 1.1 or higher standard whose initial definition, and subsequent updates, will be made available to the Agencies through the Higher Council of Electronic Administration and its Standing Committee.

Fourth. Authenticity requirements for access to the Identity Data Verification System.

1. Access to the Identity Data Verification System will be made using recognized electronic certificates.

2. Electronic certificates that are used to identify themselves to the Identity Data Verification System shall be certified certificates that comply with the UIT X.509 recommendation version 3 or higher (ISO/IEC 9594-8 of 1997).

3. Expired or revoked electronic certificates may not be used to access the Identity Data Verification System.

Fifth. Identity Data Verification System confidentiality requirements.

1. The Identity Data Verification System shall provide consultations in which, from the Number of the Citizen or Foreign Identification Document, the total, or a subset, of the data incorporated in that document shall be returned:

The name and last name of the document holder.

Place and date of birth.

Parent name.

Sex.

The Status of the Document.

The data set to which each user of the system has access will be set, upon authorization and justification, by the person responsible in the Administrative Organization.

2. Only duly authorized public bodies will have access to the Identity Data Verification System. In any public body, there shall be a responsible person or administrator of the system who shall authorize access to the Identity Data Verification System.

3. In order to consult the Identity Data Verification System, the consent of the data subject whose data is to be verified shall be required, unless a rule with a range of law authorizes such consultation. Such consent shall be recorded in the application for initiation of the procedure, or in any subsequent communication, provided that such communication is prior to the consultation in the system, and no consultation may be carried out in the event of do not have the consent in a feisty way. Electronic forms or forms of requests for initiation of administrative procedures shall be appropriate for the collection of such consent.

4. The consultation and access to the information provided by the Identity Data Verification System must be carried out for a specific purpose, which will be collected at the time of the consultation.

Sixth. Integrity requirements of the information provided by the Identity Data Verification System.

All queries that are made to the Identity Data Verification System, as well as the responses returned by the system itself, must have been signed electronically. This electronic signature is intended to ensure the integrity of the data exchanged as the identity of the parties involved and the non-repudiation of the consultation.

In the same way, all the queries that the Identity Data Verification System must carry out to the Directorate General of the Police and the Civil Guard, as well as the corresponding answers obtained result from the They shall be duly signed electronically to ensure both the integrity of the information and the identity of both bodies.

Seventh. Availability requirements for information provided by the Identity Data Verification System.

The Identity Data Verification System will be available 7 days a week 24 hours a day.

Eighth. Legal guarantees of the Identity Data Verification System for potential resources.

1. The web service provided by this system follows the data exchange standard defined by "Replacement of Certificates in Support Role" of the Superior Council of Electronic Administration, which brings together, based on the current regulations, the legal guarantees applicable to the exchange of data between public administrations.

2. The Identity Data Verification System shall have an audit module, in which all queries of the identity data, associated context information, such as the identity of the applicant, the date and the date of the audit, shall be recorded. purpose of the query, and those relevant events triggered from the query itself. The integrity and non-repudiation of the information recorded by electronic signature and time-stamped techniques shall be guaranteed, and technical measures shall also be established to ensure the availability and recovery of such information as not is maintained on-line for reasons of technical efficiency or safety.

3. In order to certify the date and time of the activities and events recorded in the Identity Data Verification System, use of the Service of Time of the Electronic Signature Platform of the Ministry of Administration Public, synchronized with the Royal Institute and Observatory of the Navy, in accordance with the provisions on legal time in Royal Decree 1308/1992, of 23 October, declaring the Laboratory of the Navy as the depositary of the National standard of time and laboratory associated with the Spanish Metrology Centre, and according to the conditions techniques and protocols to be established by the Agency.

4. Only duly authorized and accredited Public Administration personnel will be able to access the Audit functionalities of the Identity Data Verification System.

Ninth. Conditions for the provision of the service.

1. The Management of the Identity Data Verification System corresponds to the Ministry of Public Administration.

2. Public bodies that make use of this service shall be subject to security measures, the requirements of authenticity, integrity, confidentiality, availability and technical criteria set out in this Ministerial Order.

3. In order to be able to access the Identity Data Verification System, the Administrative Bodies shall designate a person responsible, as referred to in the second subparagraph of point 5 of this Technical Annex, which shall be responsible for authorize access to your body. The appointment and termination of this officer shall be communicated to the Ministry of Public Administration, for the assignment of the appropriate permits for access to the system or the cancellation thereof.