New consultation opens

The government has launched a new consultation called the Draft Digital Government (Disclosure of Information)(Identity Verification Services) Regulations 2023. Anyone with an interest or views on identity verification services is invited to give their views on the consultation which is open until 1 March 2023.

The consultation follows the government’s commitment to improving the way that “data and information is shared and used across the public sector to deliver better, joined up services and exceptional outcomes for our citizens” and follows the The Digital Economy Act 2017 to “to introduce new data sharing gateways to support the delivery of key services” and support unlocking the “full benefits of a new government identity verification system, known as GOV.UK One Login.”

The consultation includes several case studies as to how individuals could benefit from the proposed single login (such as conveyancing and mortgages) as well as setting out the government’s position on adhering to data protection requirements. Once the consultation closes any new powers could be in force by October 2023.

ICO updates policies

Those responsible for data protection should be aware that the ICO has recently updated policies in relation to information that it makes public, including not just official Reprimands but also data regarding its complaints handling and investigations. Published under quarterly reviews, this will now include the nature of the issue reported to the ICO, the identity of the organisation (including in some cases the individual) under review, along with the outcome.

This information is published in relation to various categories including ‘Personal data breaches self-reported by the organisation concerned’ which in practice means that organisations will need to carefully consider any future self-referrals to the ICO and implications this may have in terms of reputation as this may bring new weight to the already careful balancing act as to whether self-reporting is necessary. 

Additionally, organisations will want to be aware that another category is ‘Complaints from members of the public about breaches of data protection laws and regulations’ which leaves organisations potentially vulnerable both to malicious reporting and also to blackmail-type scenarios where going public might be threatened.