Case Study

Using Open Privacy Standards To Give People Easier Access To Public Services

This is how we designed a solution, based on open privacy standards, to give 900,000 people easier access to public services while maintaining control over their personal information.

TL;DR

How it started

It’s reasonable to say that your government, wherever you may live in the world, holds a lot of information about you. It’s also reasonable to say that much of what they hold would be considered very personal.

This information could include your name, address, phone number, date and place of birth, the car you drive, when you purchased it, your medical history, the medication prescribed to you, the employers you’ve had, the taxes you’ve paid, your pension contributions, any benefits you may have claimed, the purchase price of any properties you might own and a whole slew of other details about you.

The elements that make up this picture of your life aren’t held in a single place; all this information about you is spread across multiple, entirely separate systems. Much of it has been typed in manually by a human, and humans are notoriously prone to typing errors, so there’s no guarantee that it’s even accurate.

So, we have multiple items of personal information about an individual, spread across many disparate systems, that may or may not be correct and most of these systems don’t interact with each other. This is why each department asked for the same information to be provided by anyone requesting access to public services. People didn’t like it, couldn’t understand it, and nobody could explain it to them.

When one government department decided to try to change this and make the process of applying for access to public services simpler and less stressful for all, they were met with scepticism at the idea that this was even a possibility.

That’s when they asked for our help.

The Results

Successful Proof of Concept

The 900,000-user Proof of Concept we designed and delivered now forms the basis of an expanded programme to deliver easier access to public services to over 20 million people.

Design principles for future development

The specialist government technology department we worked with has a set of design principles to enable them to deliver granular privacy and consent management across any project.

One step closer to personal information controlled by the individual

Those responsible for government technology projects now have a blueprint for how to securely give people control over their own personal data.

Proved the feasibility of using Open Privacy Standards for large-scale deployment

This engagement proved to the wider government technology teams and management that Open Privacy Standards, such as UMA, can work without having to invest in commercial alternatives.

The Full Story

How did things work before?

In order to apply for access to public services, people were required to scan and upload proof of identity, proof of address, proof of any existing government benefits being received, and details of all existing medical conditions and medications.

For most of us, the government already holds driving licence details, some form of medical history, home and other addresses, financial and tax information, and details of any social welfare benefits received.

Because this information was not shared across departments, each application for services and benefits required the applicant to scan and upload it, even though, in many cases, they were scanning paperwork they had received from the government in the first place. From a data protection and security perspective, filling out multiple online forms and uploading copies of scanned documents creates new sensitive personal data, with a strict and burdensome administration overhead.

How did you deliver improved service and privacy?

The project focused on removing the risk and inefficiency involved in the request process, so that once someone has proven their identity, they are issued with a set of trusted credentials. Using these credentials, all future requests are simplified and only involve selecting whichever additional service or benefit they are applying for.

Using the User-Managed Access (UMA) open standard, we designed a solution that can reach out to various government databases and collect the required attributes, such as driving licence, social security number, benefits information, medical history and electoral register for address, while ensuring that the user maintains complete control over the use of the information held about them.

How does someone manage their personal data?

If the person has not previously approved the use of the information, UMA will present the details of any attributes where consent is missing and request that consent, detailing exactly the purpose, use and sharing of that specific information, allowing the user to choose how each element can be used and by whom. This results in a more sensible approach than asking for scanned copies of information that the government already holds. It also comes with the added benefit of creating no new copies of sensitive data to be managed.
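The consent check described above can be modelled as a deny-by-default decision per attribute. The sketch below is an added example, not the project's code and not UMA protocol messages; the department, source and purpose names and the `Consent` record layout are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Consent:            # one decision by the person, per attribute
    attribute: str        # e.g. "address"
    source: str           # system that holds the value
    recipient: str        # department allowed to receive it
    purpose: str          # the single use that was approved
    expires: datetime
    revoked: bool = False

    def covers(self, need, recipient, now):
        attribute, source, purpose = need
        return (not self.revoked and now < self.expires
                and (self.attribute, self.source, self.recipient, self.purpose)
                == (attribute, source, recipient, purpose))

def evaluate(recipient, needs, consents, now):
    """Split needs into attributes that may be released and consent prompts.

    Deny by default: an attribute is released only when an unexpired,
    unrevoked consent matches attribute, source, recipient AND purpose.
    """
    release, prompts = [], []
    for need in needs:
        if any(c.covers(need, recipient, now) for c in consents):
            release.append(need[0])
        else:
            attribute, source, purpose = need
            prompts.append({"attribute": attribute, "held_by": source,
                            "shared_with": recipient, "purpose": purpose})
    return release, prompts

# Constructed sample data: all names below are hypothetical.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
LATER = datetime(2025, 1, 1, tzinfo=timezone.utc)
CONSENTS = [
    Consent("address", "electoral-register", "housing-dept", "housing-benefit", LATER),
    Consent("medication", "health-records", "housing-dept", "housing-benefit", LATER, revoked=True),
    Consent("licence", "driver-db", "tax-dept", "vehicle-tax", LATER),
]
NEEDS = [("address", "electoral-register", "housing-benefit"),
         ("medication", "health-records", "housing-benefit"),
         ("licence", "driver-db", "housing-benefit")]

if __name__ == "__main__":
    released, prompts = evaluate("housing-dept", NEEDS, CONSENTS, NOW)
    print("release:", released)
    for p in prompts:
        print("ask:", p)
```

A consent given to one department for one purpose does not carry over to another, and a revoked or expired consent produces a fresh prompt rather than a release.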

A simple web application allows someone to see which systems hold what data about them. They control the sharing of that data between government systems and with non-government agencies. They can select an attribute from one source as the ‘master’ to correct inaccuracies across the other systems, all without anyone needing to do scary, hard and expensive stuff like data consolidation.

How does what you built change things?

The Proof of Concept we created has become the foundation of an expanded programme to enable much simpler and more efficient access to public services, while ensuring that control and use of personal information will be placed in the hands of the person it belongs to.