The framework sits alongside the Digital Transformation Agency’s Govpass technology platform, which is currently in private beta, and aims to develop a national federated identity ecosystem. According to the framework, accreditation for the “identity federation” will be based on a trust framework rather than traditional service level agreements (SLAs) in order to provide more transparency and scale.
Furthermore, the document outlines privacy requirements that must be fulfilled such as privacy governance; privacy impact assessments; data breach response management; privacy policy; notice of collection of personal information; collection and use limitations; consent prior to collecting information; cross-border and contractor disclosure; government identifiers; access, correction, and dashboard; quality of personal information; handling privacy complaints; and destruction and de-identification of information.
In addition, identity service providers are not permitted to collect sensitive information such as facial images unless consent is gained and the information is destroyed once used to verify an individual’s identity; they must also provide a complaints service to users.
Finally, the Trusted Digital Identity Framework Core Protective Security Requirements [PDF] covers the minimum security controls that applicants must provide for an identity system.