New Approaches to Identity Management and Privacy
The collection and storage of large amounts of personal information in databases, as well as the possible sharing of that information amongst different organisations, leads to increased risks for individuals. The more information that is held and/or shared, the greater the potential impact on an individual were that information to be lost or stolen.
Identity management – the use of personal information in order to adequately identify an individual who is trying to access your products or services – is an important tool as it not only protects organisations through ensuring that the right person is accessing the right services but can also be a way of helping to protect individuals from the risks that large databases and increased information sharing bring through giving some control and choice back to the individual.
Traditionally, identity management has centred on allocating a single identifier to an individual and putting all the information about them in a database. However, there are other identity management techniques which can reduce the risk posed by putting information all together in one collection or using a single, common identifier.
This paper was commissioned by the ICO from experts with experience of the different identity management techniques in order to describe the different solutions available which can bring protection to individuals and the situations in which these solutions can be appropriately applied. Different identity management techniques will be applicable in different situations. The purpose of this paper is to help inform those working in this area of the alternative forms of identity management techniques that are available and which can help to protect privacy.
Whilst the paper was commissioned by the ICO, it is aimed at broadening the understanding of the identity management techniques available rather than the Commissioner advocating a particular technique in all circumstances.
View the full findings
UK consumers wake up to privacy
The ICO commissioned a survey of 1,000 individuals into their attitude towards personal information and how it is held by organistions following the recent high profile data loss by HMRC. The research was conducted by ICM in February 2008.
View the full findings
Notifications payment research project
The Information Commissioner’s Office is considering developing new proposals for the notifications fee and to help inform these proposals research has been commissioned amongst organisations which have notified.
We have commissioned SMSR Ltd to undertake the study on our behalf. SMSR Ltd is an independent market research company based in Hull which adheres to the Market Research Society’s Code of Conduct.
The information provided by respondents will be treated as private and confidential, with individual responses remaining anonymous.
Stakeholder perception study
A commitment of the stakeholder relations strategy, launched in 2007 is to track progress of our actions. As a result a survey was undertaken in March 2008 to measure perceptions of the ICO amongst key stakeholders.
The stakeholder perception study involved stakeholders which have a high interest in what we do and can have a high influence on ICO, data protection and freedom of information issues.
The research was conducted on behalf of the ICO by Jigsaw Research and Critical Research, both independent market research agencies based in London.
Stakeholder perception study: research report
Privacy Impact Assessment Project
The ICO commissioned a study into the use of Privacy Impact Assessments (PIAs) around the world. Coordinated by the University of Loughborough, this groundbreaking work looked at the use of PIAs in other countries, identified the lessons to be learned from their experiences and developed a PIA methodology for use in the UK.
Privacy Impact Assessments: international study of their application and effects
Appendix A - Framework for analysis
Appendix B - List of interviewees, by jurisdiction, agency and organisation type
Appendix C - Jurisdictional report for Canada
Appendix D - Jurisdictional report for the United States of America
Appendix E - Jurisdictional report for Australia
Appendix F - Jurisdictional report for New Zealand
Appendix G - Jurisdictional report for Hong Kong
Appendix H - Broad jurisdictional report for the European Union
Appendix I - PIA templates and guides by jurisdiction
Surveillance society: qualitative research report
The ICO commissioned a qualitative research study in September 2007 to explore the public’s true concerns about surveillance which involves the gathering, recording, processing, monitoring, analysing, sorting and flow of personal information, movements, lifestyle habits and behaviours.
Public opinion was sought on what individuals consider the effect of surveillance to be on their privacy, society, levels of choice, power and empowerment and what safeguards they feel are necessary to control any perceived risks.
The results of the study will contribute to the public debate on the surveillance society and are being presented at the ‘Surveillance Society: Turning Debate into Action’ conference the ICO is hosting on 11 December 2007.
A Surveillance Society: Summary of research
A Surveillance Society: Full research report
Publications research
The ICO has conducted research to obtain feedback on a selection of its publications amongst individuals and organisations. The publications which feedback has been obtained on are:
-
Lights are on DVD;
-
Credit explained; and
-
Personal information toolkit.
The findings overall were very positive, and useful feedback was obtained for improving future ICO publications.
View the full findings
Research into young people’s views, and use of social networking sites
The ICO has commissioned a survey of 2,000 14-21 year olds into their views, and use of social networking sites. The research was conducted by Dubit in October 2007.
Data Protection Topline Report
Surveillance society project
' Are we sleepwalking into a surveillance society? The threats to individuals and the challenges for data protection authorities '
This report details the state of development of the surveillance society taking account of the increasing amount of personal information collected about individuals as they go about their daily lives, how this is being used and the privacy risks that may arise now and in the future.
The report formed the centre piece of discussion at the 28th International Data Protection and Privacy Commissioners ' Conference, hosted by the Commissioner in London on the 2nd and 3rd of November 2006.
The ICO commissioned the Surveillance Studies Network (SSN) to undertake the research. The SSN are an independent not-for-profit organisation dedicated to the study of surveillance practices.
A report on the Surveillance society
A report on the Surveillance society - appendices
A report on the Surveillance society - public discussion document
A report on the Surveillance society - summary
Children’s information held on databases
‘Children’s databases – safety and privacy’
This independent research report focuses on children’s personal information stored in databases and the issues this raises for data protection. It highlights the importance of safeguarding children’s personal information and the issues that should be considered when designing and using such databases. The ICO commissioned the report from the Foundation for Information Policy Research and a team led by its chair, Professor Ross Anderson , Professor of Security Engineering at Cambridge University . The views expressed in the report are those of the authors and are not necessarily those of the ICO.
IPR report - Children's databases - safety and privacy
ICO issues paper - Protecting children's information
Customer Satisfaction Survey: Data protection - Data controllers (2005)
In January/February 2005, we conducted a customer satisfaction survey among data controllers who had submitted written data protection enquiries to the ICO between mid - September and mid - December 2004. We commissioned Jigsaw Research to conduct the survey. The key objective of the research was to assess levels of satisfaction experienced by data controllers using the services provided by the data protection compliance department. In particular, the research was commissioned to assess:
-
Satisfaction with service delivery and, in particular, to assess how well staff were seen to perform
-
Which communication channels were used and what user preferences were.
The results of the survey have been fed into the our continuous improvement programme and are available below:
Customer Satisfaction Survey: Data protection - Data controllers survey results