Identity management has always been an area of primary focus for governments, enterprises, and citizens. For governments, importance of identity in the matters of security and distribution of services, cannot be overstated. For enterprises, it is business-imperative to quickly secure a customer for their products/services, and track the economic behavior of the customer. Citizens have always needed ways to establish their credentials and reaffirm their eligibility for enjoying certain services. However, we are now witnessing major transformational changes in the way individual identity is established, verified, and accepted.
Understanding Digital Identity
Before expounding on Digital Identity, we look at the general idea of an identity. Identity is a collection of one or more attributes that define some entity, which is typically involved in transactions.
- Entity can be physical or abstract: an individual, an enterprise, a computer, a painting, or even some software.
- Attribute can be any property that is inherent to the entity, gained/developed over time, or acquired externally.
An identity ecosystem is characterized by users, identity providers, relying parties, and a governance body.
For example, ‘Date of birth’ is a property (attribute) of a child (entity), seeking admission (transaction) to a school. Here, school (relying party) depends on civic body (identity provider) that provides proof of date of birth, as birth certificate. Governance body could be the larger education wing of government, to oversee protocols of school admission.
When attributes of some entity can be expressed/stored digitally, and transactions performed by that entity can be executed digitally/electronically, such attributes can be said to form a “digital identity” of the said entity. For this blog, we restrict the scope, to citizens (entities) and their digital identity.
Let us see how key elements of an indicative digital identity ecosystem interact with each other.
Many nations are embarking, or, already on way towards establishing a sustainable digital identity management framework. In India, the “Aadhaar” program is intended to provide a unique digital identification to the large Indian population. Similarly, the “Govpass” initiative in Australia provides digital identification when citizens need to avail various government services. EU is looking at the notion of “Single Digital Market”, and is considering “eID” as the element of cross border recognition of identity within EU member states.
Digital identity framework will need to manage huge volume of citizen data in a secure manner. Following key data management functions will play a vital role:
- Data Storage and Security: Governments will need to establish on-premise data centers and explore cloud storage for storing colossal volume of digital identity data. Data centers will need to be safeguarded with the highest level of security protocols that ensure maximum security of data, both at physical and network level.
- Data Recovery and Backup: Data centers will need to have required backup and recovery mechanisms in place. Countries may want to engage with other friendly countries, to establish disaster recovery sites on mutual basis. This will play a crucial role in circumventing the challenge of data loss, during times of military conflict or natural calamities.
- Secure Data Access: Data security measures must ensure that data is accessed on a ‘need-to-know’ basis only, adhering to the principle of least access.
- Data Privacy: With stringent data protection regulations such as GDPR in place, principles of data privacy will need to be incorporated by design and default. If digital identifier itself is sensitive, there could be a “real” digital identifier and associated “working” identifier.
- Data Quality: As data ages, values change and errors creep in. Over time, new attributes may get defined, for which, historical records will not have any value. Data update, correction, enrichment, and standardization processes must be in place.
- Consent Management: Citizens need to be explicitly informed about the nature and purpose of data to be collected, and their consent must be solicited explicitly.
- Data Retrieval: When service provider accesses digital identity platform for verification, data should be returned fast and on-the-fly.
- Data Archival: Data pertaining to deceased persons may be moved to separate data stores.
- Governance: All required instruments of governance and tracking, such as audits by independent bodies, compliance reporting, notifications, and workflows will need to be deployed to ensure that the digital identity program runs in a fair and transparent manner.
They Way Forward
Digital identity management will involve multiple stakeholders including government, citizens, and service providers, implementing bodies, and auditing agencies, amongst others. The ultimate benefit of digital identity will be each citizen of the country having a unique recognition. This will help governments track and ensure that its citizens are not deprived of their entitled social benefits, enable faster law and order processes, and reduce graft.
Backed by the technological forces of Data security, Big Data and Mobility, countries will need to handle the mammoth data gathered by digital identity framework, making it one of the most involved data management exercises, with data privacy, security, and quality of paramount importance.
The key data management functions mentioned above will be integral to the larger digital identity management ecosystem that nations may wish to deploy.
Please feel free to share your thoughts in the comments section below.