Government issues revised 'identify proofing' guidelines

Out-Law News | 08 Jan 2014 | 9:40 am | 2 min. read

The Government has updated guidance it has issued on the identity proofing and verification of individuals.

The Government is currently in the process of digitising some public services and amidst the risk of fraud, has said previously that it views the strengthening and harmonising of identity proofing and verification processes as important in building consumers' trust in using such services.

The new guidance (32-page / 814KB PDF), issued jointly by the Cabinet Office and the UK's National Technical Authority on Information Assurance (CESG), sets out four levels of assurance that organisations can have about an individuals' identity and the evidence and checks organisations must acquire and go to in order to claim compliance with each of those levels.

The standards range from requiring a basic level of verification and validation of documents to the need to obtain and verify a variety of identifying documentation, such as biometric passports and bank statements, validate the information in line with strict processes and conduct extensive counter-fraud checks so as to meet the highest grade of assurance.

"As part of the counter fraud checks the proofing organisation shall have, either through their own internal data sets, or via reliable and independent sources, the following counter fraud checking capabilities: whether the claimed identity has been subject to identity theft, regardless whether it was successful or not; whether the claimed identity is known to other organisations; whether the claimed identity is likely to be targeted by third parties; whether the claimed identity may be deceased; [and] whether the claimed identity is known to be a fraudulent identity," the new guidance said.

In September last year the Government signed contracts with five companies that will provide identity (ID) assurance services as part of the drive to further digitise Government services.

Dutch data authentication service provider Digidentity, credit reference agency Experian, personal data storage provider Mydex, The Post Office and network and information services provider Verizon are working with the Government as it redesigns and rebuilds 25 government digital services. 

Among the digital projects currently on the Government's agenda is the digitising of individuals' driving records, aiding employers to conduct a criminal records check on prospective new employees through a new online system, and enabling benefits claimants to make applications under the new Universal Credit scheme. 

Last summer the Government also set out proposed principles on privacy that ID assurance scheme providers would have to adhere to if they want to be involved in providing public services online. 

The principles would require ID assurance service providers to, among other things, only process "the minimum data that is necessary" to meet the needs of individual service users. In addition, ID assurance providers would have to provide individuals with a right to access their personal data for free and transmit the data to another provider "in a standard electronic format, free of charge and without impediment or delay" upon the request of a user.