Introduction
People are often asked by public service organisations to prove that they are who they say they are - either to prevent fraud or to show that they are entitled to receive a particular service or benefit, for example, free bus travel.
People want to know that public authorities and other organisations respect their privacy and recognise the harm which may be done if personal information is collected or held unnecessarily, or lost or misused. These draft Principles have therefore been developed by the Scottish Government for policy makers and practitioners in public service organisation, to help ensure that respect for privacy is central to the way public services prove identity or entitlement. They will also help public service organisations to comply with data protection and human rights legislation. That legislation governs personal information management by providing privacy protection. These draft Principles will enable public organisations to build on these requirements and to achieve best practice.
The draft Principles have been developed to give guidance on identity management [1] and privacy to public service organisations and they apply to all new systems and any systems which are being redesigned or redeveloped which involve identity management.
The draft Principles which follow cover the following five sub topics:
- Proving Identity and Entitlement
- Governance and Accountability
- Risk Management
- Data and Data Sharing
- Education and Engagement.
A Glossary is provided at the end.
What happens next
Following the public consultation, the final Principles will be published. The Principles will be reviewed annually to ensure that they remain up-to-date, relevant and useful. Updated versions will be issued when necessary.
[1] The enrolment and subsequent verification that gives individuals trusted means to prove who they are to others and / or entitlement to a service or benefit.