https://gds.blog.gov.uk/2013/06/17/advisory-group-publishes-identity-assurance-principles-for-consultation/

Advisory group publishes identity assurance principles for consultation

Identity assurance is about providing users with a simple, trusted and secure means of accessing public services, so we are working hard to ensure that privacy is at the heart of the service we will provide to users.

The Identity Assurance Privacy and Consumer Advisory Group (PCAG) was established to help the government develop an approach to identity assurance that, among other things, ensures users are in control of their information, that information is not centralised and that users have a choice of who provides services on their behalf.

Last year we published the first draft of the PCAG’s principles. The principles set out, in detail, how the government’s identity assurance (IDA) approach could be configured to meet the privacy and consumer expectations of its users. The government will continue to work closely with PCAG, our private sector partners and users to explore how these principles can be met in practice.

Today we are publishing an updated version of the PCAG’s principles for further feedback and comment. We will also arrange workshops to discuss the principles and to increase awareness of the important issues they raise and seek to address.

Screenshot of ID Assurance Principles consultation

The deadline for comments and feedback is mid-September. We will then work with the group to refine the principles and incorporate any refinements into the development of the IDA programme.

7 comments

  1. dmossesq

    Given that feedback and comment are invited on the IDAP principles, the user experience of the backfeeder or commenter would be improved if all paragraphs were numbered, thus making it clearer what feedback and comments refer to.

    I have prepared a suggested numbered version of the principles here.

    Could we please have either that or a numbered version of the principles prepared by someone else for feedback, for comment and for consultation?

    Reply
    • stevewreyford

      Thank you for this suggestion. We agree this would be useful and are looking at how we can provide a version with paragraph numbering.

      Reply
  2. Arc

    Hi .
    Having Multiple identity source will lead to multiple and stale information. It would even mean the individual will have to contact ‘n’ authorities to change his identity information at n places. I propose that there be only one copy with the latest enrolled identity provider. Other copies with earlier IdP must be purged and not synced. (There should be a IdP sharing through Central authority for access. You must talk to GeANT – EduGAIN edu network of Europe as they would have handled such cases and would be able to give you more such practical scenarios)

    Secondly, Like the financial institutions who collect financial information and other identity information because the individual allows them while taking a job to do a background check must also purge the information within one month as an individual cannot remember who all have been given the authority to hold his information.

    The individual must be contacted once in every 6 month by all the identity info holder to validate that they can still hold his info. Be it VEDA like institutions or online IdPs

    Not every individual is IT savvy or Law savvy. Many times there is a vicious circle of pre-printed conditions which are not allowed to be stricken out by individual who want to purchase a good/software/ticket to a water park/run a simulation etc…
    With an IdP it will any ways be electronic and once an individual has to do an important work he has to share his info with them under their rules which are thought to be ‘standard and made by govt.’

    In addition I wanted to know will these law apply to Facebook and LinkedIn which act similar to IdP in most cases.

    Thanks
    Arc

    Reply
    • stevewreyford

      Thanks for your comments, we’ll refer them on to the team as part of the consultation exercise.

      With regard to your final question on the scope of the Principles, they are designed to apply to the identity assurance programme and those who are involved in the delivery of the service. They would not cover other organisations.

      Reply
  3. Alan Cruden

    Just found ŷour blog this morning, great news to read about your work. How is the work of GDS being co-ordinated with the Department for Business Innovation and Skills midata innovation lab project that launches on the 4.7.13, love to see the over arching principles of how UK Gov is shaping and leading the personal data conversation. Check out http://blogs.bis.gov.uk/midata/

    Reply
    • stevewreyford

      Thanks for your comments. We have a Head of Policy and Engagement, Janet Hughes, who is working with all departments to co-ordinate HMG Identity Assurance requirements.

      Reply

Leave a comment