GOV.UK Verify is Whitehall’s new way of ensuring someone is who they say they are online when applying to use online public services – it went into public beta midway through October 2014.
The first step GDS has taken to ensure users feel their privacy is protected is to work with its Privacy and Consumer Advisory Group to publish a set of identity assurance principles that the service must adhere to.
The principles cover the topics of user control, transparency, multiplicity, data minimisation, data quality, service user access and portability, certification, dispute resolution and exceptional circumstances.
Meanwhile, identity assurance technical architect Adam Cooper has explained how the technical architecture of GOV.UK Verify has been designed to protect users’ privacy.
“When we designed the identity assurance architecture we wanted to protect users from identity theft and fraud to secure their as it is use online and to reduce the amount of information needed from the user to a minimum,” he claims in a blog post.
Steps Cooper says his team have been taking to do this do this include not letting identity providers know what service a user is accessing and building programmes that would allow the repair of compromised identities.
“We care about your identity and we want to protect it but we realise that you also wants a great service,” claims the technical architect.
“Minimising the data we need, protecting it at all time and making sure that we get your consent should we need to use your data as part of a service helps us to ensure that protection and still provide great services,” he adds.
GDS has also appointed an “independent privacy advisor” called Toby Stevens who has explained how he is assessing the work done so far and what more needs to be done.
“As GOV.UK Verify enters public beta, we’re reviewing every aspect of the service to assure the users – and ourselves – that the service meets privacy expectations,” claims Stevens in a separate blog post.
“A comprehensive assessment will test how well it lives up to the requirements and what more needs to be done.
“We are checking the procurement to ensure that it mandates good privacy practices, including the Identity Assurance Principles, and does not close the door on future privacy requirements,” he adds.
The privacy advisor also calls privacy “not a fixed deliverable, but a fundamental quality of the identity assurance programme.”
This means, he says, that his work is just the first step to ensuring user confidence in GOV.UK Verify.