Information Commissioner’s Office (ICO) Blog:
Digital identity systems have started to come of age, driven by the opportunities and challenges of the digital economy and public services.
The public need safe and secure ways to establish their identity in light of the reality of how digital services work in their daily lives. Such systems need to recognise the risks of fraud and security that exist at present, such as through the continued reliance on paper records.
Inspiring trust and confidence in the public about how their personal data is used in a digital identity system is paramount. Which is why we welcome the opportunity to provide our regulatory advice on how the UK Government’s digital identity and attributes trust framework should address data protection.
We recognise that the framework is currently an alpha ‘working’ version that will continue to be updated as proposals develop, as well as to reflect feedback received by the Department for Digital, Culture, Media and Sport (DCMS).
The ICO acknowledges that a digital identity system with strong governance and effective data protection safeguards can help improve public access to digital services and reduce security risks. We are therefore broadly supportive of the establishment of the framework. We have however highlighted that accountability for the way that personal data is processed must be present from the outset.
We also welcome the decentralised approach that the framework proposes, which provides a strong foundation for a ‘data protection by design’ approach that must be embedded across the system.
In a communication also aimed at data protection officers, digital service design teams, monitoring bodies and risk managers, we are supporting Government efforts to get the privacy considerations right, and are recommending that:
- Robust governance and clear accountability are established
- Any system be user-centric and boundaries around who controls personal data and how it is used and gathered be clearly established
- Effective measures are in places to address the data protection risks that relate to data minimisation and purpose limitation
- Organisations operating in the trust framework must have appropriate technical and organisational security measures in place to protect the personal data held in the system
The paper does not focus on COVID-19 status certificates – the Information Commissioner recently issued a separate blog on this issue.
Source: ICO. Author: Steve Wood is Deputy Commissioner (Executive Director, Regulatory Strategy) and is Chair of the OECD Working Party on Data Protection & Privacy
At LS Consultancy, we provide a cost-effective and timely bespoke copy advice and copy development services including GDPR support services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.
Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.