Adviser Toby Stevens takes role on interim basis while government advertises for new appointment
The government has renewed the emphasis on the privacy element of its identity assurance (IA) programme with the announcement of a new privacy officer role within the GOV.UK Verify team.
The move has been signalled in a Verify blogpost by Toby Stevens (pictured), a long term adviser to the government on privacy issues and chief executive of the Enterprise Privacy Group.
He said it reflects the need to deal with the “healthy tension” between convenience for the user, security and protecting privacy. The Verify team has been using iterative delivery techniques to strike the right balance, but it has been decided that there is a need for someone in the team to represent privacy needs.
“As the service grows, the traditional departmental approach of having data protection officers in a separate governance team isn’t enough,” Stevens said. “For that reason we’ve created a new privacy officer role.”
He said the new official will provide a focal point for decisions that could affect the use of personal data, and manage the dialogue between Verify users, developers at the Government Digital Service, certified IA providers and the departments that use the service. The new official will also work closely with the independent Privacy and Advisory Group, which has been providing input to the programme.
Stevens is assuming the role on an interim basis, and the Cabinet Office has published an advertisement for someone to take it on long term. It emphasises the advocacy element of the position, and says it would be suited to someone with a hands on working style who can bring together the various teams.
Protecting users’ privacy has been an important element of the Verify programme from the beginning. The National Identity Card Programme, which was abandoned with the change of government in 2010, was frequently attacked as a threat to the privacy of people using the cards.
Verify has been developed as an alternative approach with the aim of providing more protection for users’ privacy.
It involves using one of nine certified companies to confirm that a service user has provided the correct identity. They perform checks for the initial verification and can then provide authentication to a public authority through an online hub.