We’ve been building and reviewing privacy management functions around GOV.UK Verify that will assure users we are handling their data in accordance with their expectations.
As with any system, there’s a healthy tension between convenience for the user, the need to ensure the service complies with security requirements, and protecting users’ privacy. To ensure we meet all of these requirements, we are using iterative delivery techniques that demand ongoing interaction between users and developers. For that to work it’s important to have someone in the development team to represent privacy needs. As the service grows, the traditional departmental approach of having data protection officers in a separate governance team isn't enough.
For that reason, we’ve created a new Privacy Officer role. The Privacy Officer will be responsible for ensuring GOV.UK Verify meets privacy obligations and user expectations. The Privacy Officer will provide a focal point for decisions that may affect the use of personal data, and manage the dialogue between developers at GDS, GOV.UK Verify users, certified companies and departments offering services through GOV.UK Verify.
The Privacy Officer will have a strong relationship with the independent Privacy & Consumer Advisory Group, briefing the group on privacy-related developments, and feeding their advice and recommendations back into the project team at GDS.
I’m handling privacy matters on an interim basis, and we’re recruiting a permanent staff member to take over for the future.