A few years ago, I attended a meeting at the Office of the Prime Minister of Jamaica where representatives from financial institutions were invited to learn about the proposed National Identification System (NIDS). I was there representing a bank within a Jamaican financial group. The presentation outlined how the system would allow banks and other organisations to verify the identities of customers using a trusted national database.
One detail that impressed me immediately was the design of the identity card itself. The presenters displayed a physical card with multiple anti-tampering features, including embedded holograms and other security elements intended to prevent counterfeiting. It was clear that the card was designed not merely as a form of identification, but as a secure credential within a national digital identity system.
The presenters, who were from another country that had already implemented a similar system, explained how their identity card had evolved into a single credential used across government services. Citizens could use the same card to travel internationally as a passport substitute within certain jurisdictions, vote in elections, obtain a driver’s licence, and interact with government agencies such as paying taxes. In other words, one trusted identity credential had become the gateway to multiple public services.
For financial institutions, the idea was compelling. Customer onboarding requires banks to perform extensive Know-Your-Customer (KYC) checks, often collecting and verifying multiple identification documents. This fragmentation of identity records is not unique to banks; it reflects a broader national challenge that I discuss in another article, One Person, Many Identities: Jamaica’s Fragmented Identity Problem.
The system itself is administered by the National Identification and Registration Authority (NIRA) under the National Identification and Registration Act. Its objective is to create a secure national identity infrastructure that can be used by authorised entities to authenticate individuals when delivering services. In the financial sector, this could help reduce identity fraud, streamline onboarding processes, and improve compliance with regulatory due-diligence requirements.
But during that meeting another question immediately came to mind. If banks and other institutions could query a national identity system, what safeguards would exist to ensure that citizens’ personal information was not misused?
That question leads directly to Jamaica’s Data Protection Act, 2020. The Act establishes rules governing how organisations collect, store, use and protect personal data. It is overseen by the Office of the Information Commissioner (OIC) and applies to both public institutions and private organisations that process personal information.
The law introduces standards such as lawful processing, data minimisation, accuracy of data and strong safeguards to prevent unauthorised access. In effect, while NIDS provides the infrastructure for verifying identity, the Data Protection Act provides the governance framework for protecting the personal information that flows through those systems.
Jamaica is therefore building two important pillars of its emerging digital economy at the same time: a trusted national identity infrastructure through NIRA, and a modern privacy regime through the Data Protection Act enforced by the Office of the Information Commissioner. Financial institutions will ultimately sit at the intersection of these two systems.
The interaction between privacy law and financial regulation introduces a deeper challenge for banks and engineers, which I explore further in Privacy vs Compliance: Why GDPR and AML Laws Seem to Clash in Banking.