Information & Ethics committee  Good morning. Thank you for the opportunity to provide evidence. I'm doing so in a personal capacity, as you've mentioned. Consumer and citizen trust is essential if governments and businesses alike are to use technology to the benefit of us all, yet all too often we are seeing

Information & Ethics committee  I think there have been several initiatives in which privacy has been very much at the core of the program. I think some of the programs have struggled. One of the particular ones that comes to mind is the GOV.UK Verify program, which looks at identity. It's based on a very sound

Information & Ethics committee  I have a lot of respect for the Estonian approach, and I've spent time with their officials and politicians as well. I think one of the things, to be frank, that we struggled with in the U.K. is that theirs obviously relies on quite a different approach to identity than the one

Information & Ethics committee  That's a good question, and it spills over into the realm of politics. The current identity assurance program, Verify, was created after the incoming government of 2010 abolished the U.K. ID cards program, which had been a political commitment by the coalition government, the Lib

Information & Ethics committee  I think if you're starting out, you could follow a track very similar to the Estonia approach. Most people now carry mobile phones or mobile devices around with them. I'm thinking of a principle of using those mobile devices as the core means of proving identity. I use that appro

Information & Ethics committee  You paint a picture I recognize. It sounds very similar to the United Kingdom model, with data held in multiple places, often with conflicting information. I'm very much a believer in the citizen having access to their data and control over it precisely for that reason. I think

Information & Ethics committee  Yes, I think the principle is very sound. Obviously there are occasions when the state needs make investigations in the background to which it would not be appropriate to alert the citizen, such as cases of fraud or crime, but as a general principle I think it's right. That's p

Information & Ethics committee  It would ideal if we had a composite health record. I'm also very conscious, with the growing use of wearable devices, that our health information now spans far wider than it did in the past. For example, I'm wearing a device that measures my heart rate periodically, and my exe

Information & Ethics committee  That's a good question. I think part of it comes back to my concern around the issue of privacy engineering and security engineering. There could be an extent to which breaches at the technical level could be automatically reported and made visible without any human interpretat

Information & Ethics committee  I agree. I think there are probably multiple solutions here. One is improving the quality of the training and awareness available to officials. The second is improving the design of some of the systems. For example, why do so many screens, when officials access them, reveal in pl

Information & Ethics committee  Just to clarify, the ID card program was terminated in 2010 with a new incoming government. It started in around 2005 or 2006. It was effectively in two parts. One was a national identity registry, which was going to contain 140-something pieces of personal information, both bi

Information & Ethics committee  There were a variety of reasons. Some of them were around civil liberties. It was seen as a single database register of every single U.K. citizen, which is alien to U.K. culture, apart from during the Second World War when people had identity cards, which finished sometime soon a

Information & Ethics committee  Yes, exactly. It made the fundamental error of assuming that having a single identity number for everything would be a good thing in a highly computerized age, whereas the Estonian model, which is based around a unique ID but keeps your data segmented, if you like, logically wher

Information & Ethics committee  We have multiple numbers. We have a national insurance number, which is issued by the Department for Work and Pensions, which is used by them primarily. We have unique tax reference numbers used by the taxation department, Her Majesty's Revenue and Customs. We have NHS, National

Information & Ethics committee  Yes, most of them are an alphanumeric mix. The NHS number might be purely numeric, but the others are an alphanumeric mix. I'm trying to think. My national insurance number is 10 digits altogether. It's a grouping of five two-digit—