Public sector organisations should avoid creating large centralised databases of personal information and keep clear audit trails of how identity data is used, under new proposals published today.Source: The Scottish Government Consultation: Privacy and Public Confidence in Scottish Public Services: draft Identity Management and Privacy PrinciplesThe Scottish Government is consulting on Identity Management and Privacy Principles that aim to raise confidence in the management of personal data. Draft principles include:
- Proving identity or entitlement: people should only be asked for identity when necessary and they should be asked for as little information as possible
- Governance and accountability: private and voluntary sectors which deliver public services should be contractually bound to adhere to the principles
- Risk management: Privacy Impact Assessments should be carried out to ensure new initiatives identify and address privacy issues
- Data and data sharing: Organisations should avoid creating large centralised databases of personal information and store personal and transactional data separately
- Education and engagement: Public bodies must explain why information is needed and where and why it is shared
The consultation closes on November 23, 2009.
