Pages

Monday, July 6, 2015

National Identification Number in Workflow (4)

"It's just an application that let employees to make their own?"

That is right. But that is not all... Individual Numbers which an enterprise should collect are surprisingly numerous. That is, Individual Number of "Employees / Part-timers" and "their dependent family member" is not the all.

Especially, "outsourcee (Self-employment)" is troublesome.

Every Japanese companies are helping the "tax collection operations of the country." That is, income tax is withheld by the company upon payment of remuneration. Then the company pays the entrusted income tax to the government. (Moreover, the amount of withholding is aggregated and delivered as Certificate of Income and Withholding Tax to each person.)
  • Copywriting fee, composer's fee, designing fee, copyright royalty, lecture fee
  • Remuneration for lawyers, judicial scriveners, accountants, tax accountants, patent attorneys

You see. When you ask for the lecture or designing for individuals of external, you need to collect the Individual Numbers of these people. If you are taking advantage of "Crowdsourcing", as a fashion, you will need a special care.

Through the "Individual Number Application Processes" in previous articles;
We were focusing on applications from employees and part-timers. And in the latest article, we considered on a Workflow for conducting the "Measures of Identification" in apportioned among the managers.
  • X. Dispersion: Apportion the collation within the organization. (All store managers or all section chiefs confirm)
  • Y. Intensive: Ask them to attach documents sufficient to collate in online.


In this Business Process here, everything is done centrally online. (Intensive)

This is very convenient for;
  • companies that taking full advantage of external freelance such as designers or programmers
  • companies that making requests on a daily basis for the external personal such as lectures or writings

All the processing, including the "Measures of Identification", can be done online. Moreover, you can limit the personnel who touch (specific) personal information to the Accounting Department in the headquarter.

Incidentally, in this case, everyone makes their application in an "Application Form" (a secure web form), whoever a head office worker or a remote worker, a part-time or the president, a rookie or a veteran, a lawyer or an accountant...

[Individual Number Application flow-4]



[Individual Number Application flow-4:'1. Designate collator' screen]

First of all, we need to examine deeply about the "online procedure" itself.

It is unavoidable "to be online" (to some extent) for an organization which accepts many applications from remote locations. However, it is not easy to conduct the "Measures of Identification" (Act Article 16) online practically. (There is an alternative method using 'Digital Signature', which I won't mention about this time.)

For example, ID card that used to be confirmed on the spot in the case of a "face-to-face procedure" will become necessary to be electronically attached as "the sufficient documents for collation online". And these electronic files are the data that referred as "Specific Personal Information" (= personal information, including Individual number), which I wish not to be involved if I could.


If it is a " face-to-face procedure" (procedure not online), the confirmation for the Individual Number of "a person who receives a payment" will be a flow like in the following.

<Case A>
  • "Individual Number card" alone. (= an ID card with a photo which will be issued after January 2016)
* By confirming the front and back sides, it is possible to confirm the Individual Number of people who receive payment.


<Case B>
  • ID card with photo: Driver's license, Passport, etc.
  • Certificate for Individual Number: "Notification card", "New Residence certificate"
* By confirming both of Driver's license and Notification card, it is possible to confirm the Individual Number of people who receive payment.


<Concept of Identification>
  1. Confirmer him/herself knows the face of the 'person who receives a payment'. (Being in front of him/her, have met before, etc.)
  2. Confirm the "name / date of birth," on "official certificate with a photo of the person who receives the payment".
  3. Confirm the "Individual Number" on the official certificates on which "name / date of birth" are listed.
# Incidentally,,, I wonder how should I do if the person in the photo didn't look like the "person who receives the payment"? Lost a lot of weight, heavy makeup, or even plastic surgery... Well, there is no choice but to determine within a range of the confirmation person / responsible person can take responsibility. (I will give up for "Spoofing" by the twins or look-alike...)

The newly introducing Workflow is the mechanism that begins from where the applicants themselves is input to the "Web Form". (The URL, of course, should be told in the beforehand.) And the "Acceptance flow" after the Application is as the following.

<Flow of Identification>
  • 1a. The personnel of Accounting confirms / creates a "Snapshot" of the person who receives the payment. (Cropping out of public certificate, etc.)
  • 1b. The personnel of Accounting will ask someone of the employees to confirm that the person in the "Snapshot" is "the person who receives the payment".
  • 2. Employees who received the request confirms the "name / date of birth," on the "official certificate with a photo of the person who receives the payment".
  • 3. The personnel of Accounting confirms the "Individual Number" of the public certificates on which "name / date of birth" are listed.

<Documents for Online Confirmation>
* Scanned-saved file / Shot-on-camera file
- Documents for #2 (ID card with photo): "Individual Number card (Front side)" or "Driver's license" or "Passport", etc.
- Documents for #3 (certificate for Individual Number): "Individual Number card (Back side)" or "Notification card" or "New Residence certificate"


After all, what is excellent in this Workflow is that you can limit the number of people (administrative personnel) who see "Personal Information / Specific Personal Information" to very small. (Two of the Accounting Department)

You will understand when you take a close look at the Business Flow (Process Diagram), but the Face photo of the "person who receives the payment" is confirmed at first. Specifically, it has taken a method of requesting a (reliable) employee that "Please confirm if the person who receives the payment is the same person in this photo". (Incidentally, request will not be made when the Accounting personnel is capable of confirming. E.g. when accepting an application from the president, you will not say "please confirm if the person in this photo is the president".)


Noteworthy point is that only the "Snapshot" is shown at that time.

It is not presenting a 'picture of the ID with photo" to employees. That is, the employee who identifies the face in a photo will never see the "Personal Information / Specific Personal Information".

(By the way, the data item of "Snapshot" is not set to Required. Therefore, the Accounting personnel will have to create one by cropping from the "image of ID with photo" if it has not been input. Though, many people have their own photo image for social media tools.)

It is a way to take a little time and effort. Still, it can be said that it is a very smart way when considering the "cost of visitation" and "the magnitude of the company damage at the time of leakage". Furthermore, the image file as a personal identification document also, will be automatically deleted after the check work in the Accounting Department.

* Imagine the apportioning of checking work in the article before, if a part-timer shop manager has entered Individual Numbers in Excel and lost the file... Or if thoughtlessly tweeted "I've got ID numbers of all of them!"... (Ultra scary!)



P.S. By the way, only the advantages be seen in this mechanism.

In fact, the system itself is made very well. Only a few human interposes in the information exchanges for ensuring the accuracy and legitimacy. That means the risk of the information leakage by human is extremely limited. Furthermore, you can make the business rules to flexibly cope with "Environmental changes" because it is "Centralized" (Intensive).


However, yet there are possibilities of complicated problems. The following two are crucial.
  • Possibility of Spam data to be thrown into "Application site".
  • Possibility of the appearance of "Spoofing Application site", and workers to be defrauded their personal information.
* Besides searching for the "Design of easier use for anyone" which there will never be the right answer...

In particular, problems related to "Spoofing website" (Phishing site) are deep-rooted. (To be continued...)

[Data Items list]


[Free Download]
<Similar Models>
<<Related Articles>>

[Japanese Entry (ε’Œζ–‡θ¨˜δΊ‹)]