The Private Security Authority (Register of Users)

Last updated February 2020

Does your organisation use the PPS number at present?

Yes. The Private Security Authority currently requests individuals (employees) who apply for a licence to include their PPSN on their application form. Contractors are requested to provide their Revenue Registered Number (RRN) on their application form. In respect of sole traders the RRN and the PPSN can be the same number.

If so, for what purpose?

The Private Security Authority which was established pursuant to the Private Security Services Act's 2004 & 2011 is the statutory body with responsibility for regulating and licensing the Irish private security industry. The Authority is currently licensing individuals providing a security service in the Door Supervisor (Licensed Premises), Security Guard (Static) and Cash-in-Transit sectors. To apply to the Authority for a licence in the above security sectors an individual must complete a licence application form for the respective category of licence. The individual's PPSN is used as a unique identifier to distinguish between licence applications received.

The Authority is also licensing contractors providing a security service in the following sectors:

• Door Supervisor (Licensed Premises)
• Door Supervisor (Event Security)
• Security Guard (Static)
• Security Guard (Event Security)
• Security Guard (Alarm Monitoring)
• Security Guard (CCTV Monitoring)
• Installer of Security Equipment
• Access Control
• CCTV
• Intruder Alarm
• Provider of Protected Forms of Transport – Cash-in-Transit
• Private Investigators
• Locksmith

To apply to the Authority for a licence in the above security sectors a sole trader must complete a licence application form for the respective category of licence. The sole trader’s RRN is a unique identifier to distinguish between licence applications received and also confirms that the sole trader is registered with the Revenue Commissioners.

Does your organisation exchange the PPS number with any other body? If so please name the relevant bodies and the purpose(s) of the exchange?

The Authority has engaged with an external company to scan licence application forms and issue licences to individuals (employees) on behalf of the Private Security Authority. A contract has been signed with this external provider and has been reviewed by the Authority’s Audit Committee with no issues arising.

The Authority may disclose a sole traders RRN?? or an individual's PPS number on occasion to An Garda Síochána (upon receipt of a written request in accordance with the relevant section of the Data Protection Act) in connection with their enquiries. The Authority may disclose a sole traders RRN or an individual's PPS number on occasion to the Revenue Commissioners (a memo of Understanding exists between the PSA and the Revenue Commissioners) in connection with their enquiries.

The Authority has disclosed PPS numbers to the Department of Social Protection (Central Control Section) on request (a memo of Understanding exists between the PSA and the Department of Social Protection).

Does your organisation have any other plans involving the use of the PPS number?

The Authority is licensing the Irish security industry on a phased basis. In due course when the Authority commences licensing new security sectors, sole traders and individuals will have to complete a licence application form to apply to the Authority for a licence for that particular sector.

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows

• Process it lawfully, fairly, and in a transparent manner;
• Collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes;
• Ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed;
• Keep it accurate and up-to-date and erase or rectify any inaccurate data without delay;
• Where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary;
• Keep it secure by using appropriate technical and/or organisational security measures;
• Be able to demonstrate your compliance with the above principles; and
• Respond to requests by individuals seeking to exercise their data protection rights (for example the right of access

Have you measures in place to ensure that the Public Service Identity data you hold/collect whether in electronic or written format is in line with the GDPR Principles described above?

The Private Security Authority is an agency of the Department of Justice & Equality. Therefore, the Authority is subject to yearly audits by the Internal Audit Unit of the Department of Justice & Equality and the Comptroller and Auditor General's Office. No issue has been raised in respect of inefficient security measures concerning the security, accessibility or processing of personal data.