Public Services > Central Government

Scotland mulls expanding devolved ID assurance solution

Neil Merrett Published 08 April 2015

Holyrood aims to extend use of a national ID assurance service to central government bodies to meet what it claims is a preference for a public sector-managed solution


The Scottish government is considering rolling out its 'myaccount' identity assurance tool to central authorities in the country in order to allow individuals to securely access online services provided by a wider number of public sector organisations.

After launching myaccount last year to provide an easy sign-in for certain local authority and health services, the Scottish government said it was looking to amend regulations that will allow the tool to be adopted by "all organisations delivering devolved public services".

These amendments would allow Holyrood to meet what it argues is a Scottish preference for a public sector-managed ID service.

This is a direct contrast to the UK government policy on ID assurance, where the Government Digital Service (GDS) is working on rolling out its GOV.UK Verify platform across the majority of its online services over the next 12 months. Verify is designed to allow a user to select one of several accredited companies to perform a check on their identity.

This will replace the need a single government database to perform identity checks, according to the Cabinet Office.

Built exclusively for use by public sector organisations in Scotland, myaccount works to verify identity by checking an individual's name, date of birth and gender against publicly available information held by the National Records of Scotland (NRS) body.

Available to local authorities and health boards, my account is at presently used by the City of Edinburgh Council and the 'MyDiabetes MyWay' national health programme.

Any proposed changes to Scotland's existing regulations on adopting myaccount are expected to be made by June 9, according to official consultation documents.

"The Scottish government considers that the people of Scotland will prefer a public sector, not-for-profit body to be responsible for myaccount. The myaccount service is funded by Scottish government and managed and operated by the Improvement Service, on behalf of the public sector," added a government spokesperson. "The Improvement Service is a not-for-profit publicly funded organisation that works to improve the efficiency, quality and accountability of local public services."

Scotland claims that the service has been designed to maintain privacy by ensuring it fully aligns with its own Identity Management and Privacy Principles.

With a consultation process over extending the service to central authorities now closed, the Scottish government said the exact type of organisations and services that may look to incorporate myaccount was yet to be finalised as it was still considering responses.

However, the consideration process has coincided with a much wider debate over the use and sharing of personal data in Scotland.

Just last month, Members of the Scottish Parliament (MSPs) came under criticism from privacy and civil rights groups over the decision to undertake full scrutiny of plans to allow over 100 public bodies to access data through a unique NHS number provided to patients in the country.

Critics of the plan have accused of authorities of trying to introduce ID cards by stealth through proposals such as allowing organisations like HM Revenue and Customs (HMRC) to view certain data held on a NHS Central Register (NHSCR).

Holyrood has argued that efforts to open up the NHSCR to a wider number of authorities would not compromise its data protection commitments and share only a limited amount of data that would exclude medical records.

According to consultation documents, the expanded access to data would allow for improvements in how authorities manage services, such as in areas like tracking patients or missing persons.

"Where the NHS in Scotland provides treatment to non-Scottish residents it is entitled to recover the cost of the treatment. This is currently not possible when the individual leaves Scotland. To enable this to happen it is proposed that NRS should be able to share data on the individual with the UK Visas and Immigration department, to enable them to locate and bill the individual," the document said.

Central databases and data protection have proved contentious for public authorities across the UK.

Late last year, the UK government's Identity Assurance Programme head Janet Hughes told Government Computing that GOV.UK Verify had not been devised as an alternative to abandoned plans to introduce a national identity card. However, Hughes noted that the development of the ID assurance platform did address some related concerns concerning a UK database.

"It is not a policy decision that was going to be taken in this country to have an identity card or a database, so that just simply is not a thing that's available, so there is no value in considering from our point of view whether that would that have been easier or not," she said.

"It's not something we have ever considered. It just isn't what any of the main political parties want to have as their policy. [GOV.UK Verify] is what you do when you don't have that [system], in order to solve the problem of identity."

Related articles:

Barclays and PayPal to support GOV.UK Verify

Warwickshire eyes April target for ID framework

ID providers must "start from scratch" for new Verify approval

Whitehall considers EU ID assurance access

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.