On this occasion, BLT doesn’t stand for Bacon Lettuce and Tomato but rather for Business, Legislation and Technology, these being the necessary ingredients for the successful adoption of digital identities.
At HooYu we can’t claim credit for this metaphor; it was in fact put forward by Mark Sugden, Head of Identity at the UK Disclosure and Barring Service (DBS), when he presented at last week’s HooYu dinner for the background screening industry.
Given the pace of change in the identity check process for DBS applications, and new employee Right To Work check legislation, the HooYu team recently hosted a food for thought dinner for leading screening providers and large public sector employers in the inspiring setting of St. Paul’s Cathedral.
In this blog, we’ll restrict the focus to the background screening and Right To Work use cases, so back to the metaphor, after many years of false starts and flawed identity schemes, what are the key ingredients for the successful adoption of digital identities? Seeing as a BLT doesn’t have to be built in a particular order, we’ll start by examining the Legislation first, given that’s the foundational ingredient in this recipe…
Legislation
The UK government has made substantial progress on a Digital Identity and Attributes Trust Framework (DIATF) that lays the foundations for the regulations around digital identity. Whilst still in alpha form, the DIATF sets out benchmark standards for identity assurance across multiple industries and use cases. The DIATF has also created a certification regime whereby companies providing identity verification services (IDVTs) must be accredited and just last week, the UK government announced the six approved certification providers.
Currently in Alpha, the Beta version of the DIATF is due out spring/summer this year but what’s currently not clear is the identity(!) of the governing body, how liability will be treated between IDVTs and relying parties, or the primary legislation that needs to be enacted.
However, the impressive DCMS progress towards legislative cover to drive the permitted use of digital identity now has unstoppable momentum. Both in the UK and abroad, a re-usable digital identity model is the future, and point solutions to verify identity will no longer be compliant.
Several industry sectors are well ahead with plans to work with this legislative change, the background screening industry for example already has guidance from DBS, using the DIATF as a model, for a compliant digital identity verification process that adheres to Levels of Confidence, as stipulated under GPG45.
The DBS guidance gives clarity to the process that an organisation submitting a DBS check must follow to prove identity before the background check can begin.
As a related use case, the UK government is enacting new legislation on the Right To Work that comes into effect on September 30th which prescribes the same standards for digital identity checking as part of Right To Work checks.
Do we have enough Lettuce (Legislation) in this recipe? Yes, great progress, with more to come…
Business
The BLT recipe just won’t be successful unless businesses have an appetite (no pun intended!) to adopt and implement digital identity processes. In the UK, there has long been a tradition of use of digital KYC processes using providers such as HooYu for identity database checking and online ID document validation.
That said, the DIATF (and ensuing industry identity schemes) are a step change in how businesses can check and consume customer identity. So, the key question here is are businesses ready to embrace digital identity and do they understand the new requirements? Do businesses see the benefits?
Businesses are slowly getting to grips with the new requirements, in fact the government just delayed the implementation date for the Right To Work use case legislation, to allow businesses further time to scope compliant processes with IDVTs such as HooYu.
What we can answer with certainty is that both the screening providers and the recruiters recognise the benefits of a digital identity check process.
It’s quicker – a digital identity check process can be triggered at point of job offer or DBS application and users can glide through in less than a minute, compared to a manual process that takes hours if not days.
It’s more robust – a digital identity check process brings bank-grade tech to HR departments and DBS officers. HR staff and safeguarding officers aren’t experts in document examination!
It’s more secure – IDVT’s design their processes with privacy, Data Protection, and security in mind so that security pitfalls of emailing or photocopying ID documents are consigned to the past.
Technology
In recent years, identity verification technology has undergone several evolutions. The initial KYC 1.0 that offered a simple identity database check proposition made way for KYC 2.0 where online document validation helped companies to check the person claiming that identity, could provide evidence that they owned that identity. KYC 3.0 moved into orchestration of multiple KYC services bringing geolocation, negative data checks, facial biometrics, liveness detection and identity confidence scoring. KYC 4.0 brought a refined UI and UX that helped the user to glide through their customised KYC journey.
All these advances in how user identity is verified are now being formalised and incorporated into a manual for regulated sectors.
BLT anybody?
The businesses, the legislation, and the technology to make digital identity a reality are coming together in a way that makes digital identity palatable for all stakeholders. What can’t be forgotten of course is the end user, and if you want to get a flavour of consumers’ appetite to use a digital identity then look no further than this HooYu report, Are consumers ready to adopt a reusable digital identity?
In the meantime, if you’re hungry for more insight as to how we can all build digital identity better together, please email us on info@hooyu.com
