As the paper rightly recognizes, there is a need for an open debate on how governments share, access and use information. However, whatever the outcome of such a debate, governments in the future will need an effective identity management infrastructure that enables public servants, businesses and individuals to access information.

The policy paper references the vulnerability of the Government’s databases and goes on to list the recent high profile data loses in government. There is no doubt that the processes that led to these losses must be reviewed. However, it is important to remember that the majority of these cases were caused by human error and that the databases themselves were not the cause of the data loss. The issue is more about information management and security – how information is stored, who has access to the information and the internal security and governance processes, which organizations have in place for handling information.

Information on citizens will always need to be held by the state – from tax and benefit information, to information held on court and police systems and databases. Information and data held on citizens and the systems used to verify that information are going to be required to deliver world-class services and to enable government to be more cost efficient and effective. For this to work, and to ensure that access to these databases is restricted and granted to those public servants who are authorized to do so, an effective and efficient identity management infrastructure needs to be put in place.

The importance of identity management

‘Identity management’ is a term that has been used to describe activity in a variety of areas; from ID cards, chip and pin, application of biometrics, immigration and prevention of terrorism, to the need for systems that facilitate the public sector reform agenda. This had led to some confusion as to what identity management actually is and why it’s important for the smooth running of society.

Essentially, identity management is the process of monitoring or controlling a sequence of identity interactions. It has come to describe the application of IT business processes in order to ensure that private and public sectors are able to correctly identify a person’s eligibility for the delivery of services.

The high profile media debate on ID cards has muddied the issue about the need for effective identity management systems. The two issues became synonymous with each other and that has caused some confusion. ID cards could provide a single and straightforward mechanism for proving people’s identities. However, in order to understand why an effective identity management infrastructure is required in a modern digital society, we need to separate the issue of ID cards and the rise of databases from the debate. Identity management systems offer real and concrete benefits to citizens and are vital for government and private sector interaction with citizens.

The delivery of public services

Central and local governments are increasingly using technology to ease and improve their interaction with citizens and for the delivery of public services. With more sensitive citizen government transactions taking place digitally, the need for robust and secure identity management systems has increased. It is these systems that ensure citizens are getting the right benefits and services, as well as protecting against fraud and other criminal activity. Identity management has become a vital aspect in the way we interact with the state, and has become widely recognized as a critical enabler of the public sector reform agenda.

There are numerous government systems that require effective identity management in order to enable citizens to access services and information. The much publicized and highly praised car tax renewal system provided by the DVLA requires, for example, an identity system that not only can verify personal identities but also the identities of cars (e.g. number plate) and cross-reference the two. ‘Tell Us Once’, the cross government initiative set up by the Department for Work and Pensions (DWP) enables people to advise all government departments and agencies of a birth or a death just once, instead of informing them separately. This can only happen if all government agencies identify the same citizen in the same way.

Opponents of these government systems and services argue that this move has had a negative effect on individuals’ privacy, but as we move towards an increasingly digital world, where people are interacting on a daily basis with applications such as Facebook and Myspace, it could be argued that government should join this digital revolution, but at the same time understand and promote privacy and security implications.

What about the privacy debate?

Identity management systems in a variety of shapes and forms have been around for a number of years. Banks have used online identity systems and ‘chip and pin’ in its dealings with customers, and supermarkets are increasingly using identity systems in their interactions with their customers. Citizens have been giving their information to organizations such as utility companies for years, and as such the provision of personal information is not a new phenomenon. However, the emotive issue of ID cards and concern about the ‘database state’ has distracted government from a more detailed debate about the need for an identity management infrastructure.

When it comes to protection of privacy, there are systems and processes that could be put in place (both technical and on an organizational level) to promote trust in the services that are offered by outlining very clear responsibilities and subsequent liabilities.

Technology systems, for example Privacy Enhancing Technologies, are available that can enable the separation of private information (for example address and date of birth, etc.) with identifying facts. In addition, both government and industry understand that in many circumstances the most basic information will suffice for interactions with citizens. The collection and sharing of data can offer huge benefits to citizens at the same time as protecting privacy but only if the collection of data is conducted in a minimal and secure way.

The future of identity management

Correctly assigning and knowing the identity of people and things is vital in a digital society so that entitlements can be claimed, services delivered, information acquired and transactions processed. A mature debate is needed on the benefits that can be provided to citizens and businesses as well as to the smooth running of government.

Standardizing identity management processes and systems will enable diverse systems and organizations to interoperate, which will lead to greater efficiency and effectiveness in service delivery in the long run. The development of access and role-based identity management systems will enhance privacy and security. The technology industry is making strides in this area, managing access whereby users have access to certain information based on their roles and responsibility and providing audit trails of who has access to what information and when.

Government needs to balance access, transparency and accountability with security and privacy. Promoting the use of secure identity management systems, while at the same time protecting privacy, is a crucial challenge for governments and the technology industry. A mature debate is needed, and one that is separated from the debate about ID cards and databases.

 

 

 

 

 

 

 

 

 

 

 

Go to article:
1 |  2 |  3 |  4 |  5 |  6 |  7 |