Bluink Blog

Privacy, Security, and a Digital Identity: It takes a village to raise a Digital Identity

Posted by Steve Borza · 304 words

 

I want to thank the Ontario Information and Privacy Commissioner’s office for taking the time last week to meet with Bluink (virtually of course) and discuss the privacy and security implications of our eID-Me digital identity solution. Fred Carter, Janet Gore, and Renee Barrette all provided excellent feedback, points for discussion, guidance, and an understanding of the Canadian privacy landscape that will help guide our deployment of eID-Me across Canada in a secure and privacy-respecting manner.

 

It was a learning experience on both sides. It allowed us to consider privacy issues related to relying parties who will request citizens’ information through our Federation Service (IdP). The discussion will help us frame the governance policy around what relying parties, who connect with our Federated Identity Provider (IdP), are allowed to do with information that citizens provide to them, and what is not allowed. Specifically, if personal information (PII) is requested for one purpose, it is not allowed to be used for another purpose.

 

This clear privacy concept helps us frame how we will request permission for a citizen’s identity information to maximize convenience and use, while respecting this privacy requirement.

 

As we move forward with our launch of eID-Me for use by citizens across Canada, we want to ensure that we have considered the privacy requirement and implications of how a digital identity is used and how it works. It is only through free and interactive discussion between identity technology providers like Bluink and privacy professionals that we can work out the rules of engagement and get it right the first time.

 

It takes a village. Thanks for being part of ours!

 

Now, could I get you some tea?

 

Steve Borza

CEO, Bluink Ltd.

 

Related:

eID-Me Security Privacy and Skepticism