O4.4 Establish a trusted—unique, secure and accurate—identity system

Principle

O4: Assure data security by design

Risk

Life Cycle Stage

L3: Development

Practices

Identification systems must have adequate and effective safeguards against unauthorized access, tampering (alteration or other unauthorized changes to data or credentials), identity theft, misuse of data, cybercrime, and other threats occurring throughout the identification life cycle. Data must be protected at rest and in transit, including when people use their credentials, or including on personal devices. Security measures must include systems to raise awareness about safe utilization of the system and to notify data subjects in the case of data breaches, as well as recourse for identities that have been stolen or compromised and need to be reissued.

Personal data, including any data that are linked or linkable to an individual, must be protected from improper use proactively and by default through a robust legal and regulatory framework, system design, and the adoption of technical standards and operational controls.

Resources

References

World Bank (2021). Principles on Identification for Sustainable Development: Toward the Digital Age. Washington, D.C. https:// documents1.worldbank.org/curated/en/213581486378184357/pdf/ Principles-on-Identification-for-Sustainable-Development-Toward-the- Digital-Age.pdf