Data protection is an enabler for trust and confidence

Apr 22nd '21

Information Commissioner’s Office (ICO) Blog:


Digital identity systems have started to come of age, driven by the opportunities and challenges of the digital economy and public services.


The public need safe and secure ways to establish their identity in light of the reality of how digital services work in their daily lives. Such systems need to recognise the risks of fraud and security that exist at present, such as through the continued reliance on paper records.


Inspiring trust and confidence in the public about how their personal data is used in a digital identity system is paramount. Which is why we welcome the opportunity to provide our regulatory advice on how the UK Government’s digital identity and attributes trust framework should address data protection.


We recognise that the framework is currently an alpha ‘working’ version that will continue to be updated as proposals develop, as well as to reflect feedback received by the Department for Digital, Culture, Media and Sport (DCMS).


The ICO acknowledges that a digital identity system with strong governance and effective data protection safeguards can help improve public access to digital services and reduce security risks. We are therefore broadly supportive of the establishment of the framework. We have however highlighted that accountability for the way that personal data is processed must be present from the outset.


We also welcome the decentralised approach that the framework proposes, which provides a strong foundation for a ‘data protection by design’ approach that must be embedded across the system.


In a communication also aimed at data protection officers, digital service design teams, monitoring bodies and risk managers, we are supporting Government efforts to get the privacy considerations right, and are recommending that:


  • Robust governance and clear accountability are established
  • Any system be user-centric and boundaries around who controls personal data and how it is used and gathered be clearly established
  • Effective measures are in places to address the data protection risks that relate to data minimisation and purpose limitation
  • Organisations operating in the trust framework must have appropriate technical and organisational security measures in place to protect the personal data held in the system


The paper does not focus on COVID-19 status certificates – the Information Commissioner recently issued a separate blog on this issue.


Further Reading: The Information Commissioner’s position paper on the UK Government’s proposal for a trusted digital identity system


Source: ICO. Author: Steve Wood is Deputy Commissioner (Executive Director, Regulatory Strategy) and is Chair of the OECD Working Party on Data Protection & Privacy


About us

At LS Consultancy, we provide a cost-effective and timely bespoke copy advice and copy development services including GDPR support services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.