We’ve been building and reviewing privacy management functions around GOV.UK Verify that will assure users we are handling their data in accordance with their expectations.
As with any system, there’s a healthy tension between convenience for the user, the need to ensure the service complies with security requirements, and protecting users’ privacy. To ensure we meet all of these requirements, we are using iterative delivery techniques that demand ongoing interaction between users and developers. For that to work it’s important to have someone in the development team to represent privacy needs. As the service grows, the traditional departmental approach of having data protection officers in a separate governance team isn't enough.
For that reason, we’ve created a new Privacy Officer role. The Privacy Officer will be responsible for ensuring GOV.UK Verify meets privacy obligations and user expectations. The Privacy Officer will provide a focal point for decisions that may affect the use of personal data, and manage the dialogue between developers at GDS, GOV.UK Verify users, certified companies and departments offering services through GOV.UK Verify.
The Privacy Officer will have a strong relationship with the independent Privacy & Consumer Advisory Group, briefing the group on privacy-related developments, and feeding their advice and recommendations back into the project team at GDS.
I’m handling privacy matters on an interim basis, and we’re recruiting a permanent staff member to take over for the future.
For more on privacy, security and identity assurance follow @tobystevens on Twitter or subscribe to the blog.
2 comments
Comment by simonfj posted on
Thanks Toby,
You are probably aware of this one just in. http://www.cnbc.com/2015/10/01/experian-reports-data-breach-involving-info-for-more-than-15m-t-mobile-customers.html
Just one of the problems of using private verifiers.
Comment by Janet Hughes posted on
Hi Simon
Yes, we were aware of that issue. We sought immediate assurance from Experian that no GOV.UK Verify users were affected by the breach, and they have confirmed that they were not. Experian has published information for anyone concerned about the issue http://www.experian.com/data-breach/t-mobilefacts.html?intcmp=tmdb.
Thanks
Janet