Out-Law News 2 min. read
12 Jul 2013, 3:21 pm
Organisations responsible for managing this information should be obliged to make the change to the information even where they dispute that the information is wrong, the Science and Technology Committee (STC) said.
The STC has suggested that the new right should be established as an additional overarching principle that those involved in the operation of identity (ID) assurance services should have to adhere to. The Government laid out draft privacy principles for the operation of ID assurance schemes for consultation last month. The Government sees the development of ID assurance schemes as central to the working of online public services as they would be concerned with the verification and validation of those service users' details.
"The Committee suggests a ninth principle stating that if a dispute arise concerning a citizen's online dataset, that the citizen should be initially presumed correct and that the citizen has the right to instant correction if a mistake has been made," STC chair Andrew Miller said in a letter to Cabinet Minister Francis Maude. (6-page / 1.76MB PDF)
Miller said that the STC welcomed the Government's publication of the draft ID assurance principles. The Committee believes the principles are "vital in increasing and maintaining public trust when transacting with online Government services".
However, Miller called on the Government to be "clearer with the public" about the extent to which systems that support online Government services can repel cyber attacks.
In his letter, Miller said that the STC had concerns that individuals' personal details could be accessed by hackers because the Government was seeking to rely on systems containing security weaknesses developed by some private sector companies.
"We are concerned that inadequacies in Government software may lead to security vulnerabilities," Miller said. "The Committee would like to know whether the Government is confident that software developed meets the highest engineering standards."
Miller said that Dr Martyn Thomas, vice-president of the Royal Academy of Engineering, had suggested that the Government may be "importing the security vulnerabilities of authorised ID assurance providers into their online services". The Committee is "concerned that sensitive personally identifiable data could be compromised and be the subject of unauthorised use", he added.
"It appears that the public are unable to ascertain whether online Government services are developed adequately to withstand cyber attacks. The Committee suggests that the Government should be clearer with the public about this," Miller said.
The STC also questioned the Government's suggestion that moving services online delivers savings to the taxpayer. Miller said the Committee wants to see evidence of the savings and of the costs incurred in turning services 'digital by default' in line with Government policy.
"It is not evident to the Committee that the Government has a handle on measuring these savings," Miller said. "We welcome your message that savings are being made but urge Government to be clearer about the detail of both savings being made as services become digital by default, as well as the costs of designing, or redesigning, the services."
Miller called on Maude to provide a response to his letter before October.
"Public trust is absolutely essential," Miller said in a statement. "The Government must ensure the integrity and security of data and give people sufficient control over their stored personal information otherwise, the Digital by Default strategy will not succeed. We will continue to monitor the implementation of the strategy."