A person will be required to update their Public Services Card (PSC) at least every seven years and to provide a new photograph to the Department of Employment Affairs and Social Protection every seventh year.

The information is contained in the Department's response to 47 questions posed by the Data Protection Commissioner Helen Dixon last August.

At the time, Ms Dixon said there was a pressing need for updated, clearer and more detailed information to be communicated to the public regarding the mandatory use of the card.

Ms Dixon said that this was not just a transparency requirement, but that it was also in the interests of maintaining confidence in the system.

She asked the Department to publish a comprehensive Frequently Asked Questions (FAQ) guide to clarify matters relating to the card.

This afternoon, the Department responded by publishing on its website "A Comprehensive Guide To Safe Registration And The Public Services Card" and a reference guide to the main 73-page document.

Ms Dixon asked how frequently an individual will be required to update their data (for example, a photograph) in order to satisfy the minimum authentication requirements before a PSC is issued.

The Department responded that "a person is only required to undertake" the registration process once.

It said the PSC that is issued on completion of the registration "is valid for up to seven years".

"At renewal a new photograph is taken to update the new card and the Public Service Identity dataset."

In answer to a separate question from the Data Commissioner, the Department of Social Affairs and Social Protection said its own Secretary General will be the Data Controller for Public Service Identity (PSI) dataset held by it.

It added: "Separately, each specified body that collects or holds PSI data elements is the data controller in respect of their holding of the data on their own systems or databases."

It refers the reader to an appendix, which identifies a two-and-a-half page list of specified organisations including categories of organisation, such as local authorities. 

These range across a spectrum from Government ministers, Education and Training Boards and the HSE to the Mental Health Commission, the National Breast Screening Programme and the Child and Family Agency.

Also included are the Private Residential Tenancies Board, the Private Security Authority, the Probate Office and the Property Services Regulatory Authority.

An Garda Síochána and the Defence Forces are listed "in respect of their own members" and 28 Voluntary Hospitals are also included.

Tonight, Ms Dixon welcomed the "greater clarity certain responses bring, such as in describing the SAFE registration system (for the card) and in relation to the status of the driver's license and passport on that framework".

"That said, engagement between the Data Protection Commissioner and the Department … is ongoing in relation to matters covered in the FAQs and in recent Dáil responses to PQ's (Parliamentary Questions)."

She said the engagement focuses on these matters "particularly as they relate to biometric data processing and governance and data issues associated with the interplay between the Public Services Card, Public Service Identity set, MyGovID, Single Customer View and Infosys".

The statement recalls that, in the last week, the Commissioner has signalled to the Department her intention to use her office's investigation powers "to further examine details of these matters with a view to establishing whether there is full compliance with the requirements of the Data Protection Acts of 1988 and 2003".