Draft principles for the UK identity assurance programme

Jerry Fishenden, Chair of the Cabinet Office Identity Assurance Programme Privacy and Consumer Group, has blogged the draft principles for the new identity assurance scheme, with a view to obtaining public feedback on those principles. I’m involved with the Group, and would urge anyone with an interest in this area to comment on his blog so that we can obtain the broadest feedback in order to deliver this important piece of work.

The principles are summarised below; there’s a lot of work going on behind the scenes to define the small print that supports these.
1. The User Control Principle
Identity assurance activities can only take place if I consent or approve them.
2. The Transparency Principle.
Identity assurance can only take place in ways I understand and when I am fully informed.
3. The Multiplicity Principle
I can use and choose as many different identifiers or identity providers as I want to.
4. The Data Minimisation Principle
My request or transaction only uses the minimum data that is necessary to meet my needs.
5. The Data Quality Principle
I choose when to update my records.
6. The Service-User Access and Portability Principle
I have to be provided with copies of all of my data on request; I can move/remove my data whenever I want.
7. The Governance/Certification Principle
I can trust the Scheme because all the participants have to be accredited.
8. The Problem Resolution Principle
If there is a problem I know there is an independent arbiter who can find a solution.
9. The Exceptional Circumstances Principle
Any exception has to be approved by Parliament and is subject to independent scrutiny.