https://identityassurance.blog.gov.uk/2015/08/27/gov-uk-verify-introducing-the-privacy-officer/

GOV.UK Verify: Introducing the Privacy Officer

Padlock suggesting privacy
Licence: Creative Commons Attribution Fred Armitage

We’ve been building and reviewing privacy management functions around GOV.UK Verify that will assure users we are handling their data in accordance with their expectations.

As with any system, there’s a healthy tension between convenience for the user, the need to ensure the service complies with security requirements, and protecting users’ privacy. To ensure we meet all of these requirements, we are using iterative delivery techniques that demand ongoing interaction between users and developers. For that to work it’s important to have someone in the development team to represent privacy needs. As the service grows, the traditional departmental approach of having data protection officers in a separate governance team isn't enough.

For that reason, we’ve created a new Privacy Officer role. The Privacy Officer will be responsible for ensuring GOV.UK Verify meets privacy obligations and user expectations. The Privacy Officer will provide a focal point for decisions that may affect the use of personal data, and manage the dialogue between developers at GDS, GOV.UK Verify users, certified companies and departments offering services through GOV.UK Verify.

The Privacy Officer will have a strong relationship with the independent Privacy & Consumer Advisory Group, briefing the group on privacy-related developments, and feeding their advice and recommendations back into the project team at GDS.

I’m handling privacy matters on an interim basis, and we’re recruiting a permanent staff member to take over for the future.

For more on privacy, security and identity assurance follow @tobystevens on Twitter or subscribe to the blog.

2 comments

  1. simonfj

    Thanks Toby,

    You are probably aware of this one just in. http://www.cnbc.com/2015/10/01/experian-reports-data-breach-involving-info-for-more-than-15m-t-mobile-customers.html
    Just one of the problems of using private verifiers.

    Link to this comment