Identity Management
The BC Government has embarked on a large-scale government-wide project to update the ways in which it uses and manages information and technology. The stated goals are to improve information sharing, improve value for money, and transform public service delivery.
The Office of the Chief Information Officer of BC (OCIO) is responsible for the management of information and information technology in the government. The Chief Information Officer is located in the Ministry of Labour and Citizens’ Services. That Ministry is mandated to update the information technology infrastructure to enable the transformation of government service delivery in BC.
In support of these goals, the OCIO developed a strategic Information Management/Information (IM/IT) Technology Plan.
A core component of the IM/IT Plan is the intention to increase information sharing across government departments and ministries. It is argued that increased sharing and use of information will be more efficient and improve service.
If you want to know more about the government’s IT/IM Plan, the OCIO has issued several documents that describe the information technology standards that apply throughout the government and detail new strategic initiatives that are key to the transformation of government systems and infrastructure.
There are several projects which are of primary importance to the transformation of government systems in BC. Of these projects, the following appear to have obvious privacy implications:
- Identity Management
- Information Access Layer
- Integrated Case Management
- Data Warehousing and Business Intelligence Strategy
- IM/IT Strategic Infrastructure and Shared Services
Each of these projects will be briefly discussed, below.
A. Identity Management efforts
What is “Identity Management?”
“Identity management” is fancy language for a method of recognizing people based on specific information they provide that proves who they are and that gives them specific rights or privileges based on their identity.
Drivers’ licenses are a simple example of identity management. Drivers are identified by their license numbers and specific privileges (such as “allowed to drive on the highway”) are linked to the identifying number. The licence is proof of the person’s identity as a “licensed driver,” which gives you the “credential” entitling you to the right to drive.
Another example is your gym membership. You may carry your gym membership card with you, which identifies you as “Jane Doe, member of Exercise Gym”. Thus your “identity” in that context is “Exercise Gym member” which lets you use that gym and any related facilities. The card is proof of your “identity” as a gym member, which gives you a “credential” entitling you to use services at other gyms within the same corporate or community network.
Other common identities are customer, patient, student, parent, employee, benefits recipient, taxpayer, etc. Each identity will define you in a particular context and will entitle you to certain rights (or require you to comply with certain obligations).
What is BC’s Identity Management Project All About?
The scope of the Provincial Identity Management Initiative, also known as BCeID Next Generation (BCeIDng) is, in the words of BC’s Chief Information Officer, “very broad and its impact on business and technology almost universal”. *
The purpose of the project is to create a verified electronic identity for businesses and citizens to use when interacting electronically with government agencies and services.
This project was begun several years ago when it became clear that ministries were moving independently to establish websites to permit citizens to obtain services online, and each of these websites would require individuals to use different user IDs and passwords and would permit individuals to obtain only those services offered by that ministry or agency.
It was recognized that such a system would be expensive and impractical. So the long-term goal of the initiative is the creation of a provincial infrastructure for identity management. This will involve permitting the user to access services and information electronically, by proving his identity electronically. The interoperability of systems throughout the government is necessary for identity management to function.
Why Has this Project Been Initiated?
This project has been started because the government has identified the following needs:
- Information sharing for frontline service providers: The government believes it need to share information among the health, social services, educational and criminal justice sectors to improve how services are delivered to people.
- Information sharing for research purposes: researchers need information from across sectors to develop and evaluate public policy. It would be easier if the information was in an interoperable and accessible form, and the government says the technology must be created to allow researchers to access the information in a secure and privacy-protecting manner;
- Information sharing for citizen self-service: citizens can obtain more services online if there is a way of securely authenticating their identity – that is, a way of proving that the individual is who he says he is.
The creation of this infrastructure is a long-term project of the government. Currently, most of the work in identity management is being done in B.C.’s health sector. The province is using the development of the electronic health infrastructure to establish the technical standards and services for the whole system. That system is being built to support all other public service areas, including education, social services, justice and the resource sector.
What is the Status of the Project?
In early 2009, at the time of writing this handbook, the BCeIDng project was still in the developmental stage but the purpose of the project is to develop an infrastructure that enables registration, identification and authentication of people and information sharing about people as the subject and as the user of electronic services.
At this point, it appears that the governance structure to develop, enable and control identity management policies and standards has not been fully developed. The result is that policies and standards for information sharing have not been fully determined, nor have the privacy standards and rules to control the appropriate and secure sharing of information been finalized.
Indeed, privacy advocates in BC argue that very little satisfactory work has been done on the electronic health infrastructure to adequately protect personal information or give individuals sufficient control over the collection, use and disclosure of their personal health information.
In light of the BC government’s intention to use the e-health infrastructure for its broader social services integration, many question the effectiveness of the privacy safeguards which are now, or will be, in place.
More Information
- Introduction to the concept of Identity Management
- For a privacy-focused argument in favour of identity management
- For more information about the BC government’s work on identity management
- For general information about BC’s various technology identity management initiatives and for links to other sites
- Information on identity management work being done in other provinces
- The BC government published a paper in November 2007 discussing the needs driving the development of identity management technology and the possibilities offered by the ongoing work towards a useable identity management and authentication framework.
- * IM/IT Strategic Initiatives and Infrastructure: Guidance for Procurement Staff and Solution Developers, page 3
- Information about identity management in BC
- The work of the Inter-jurisdictional Task Force on Identity Management and Authentication. Much of the work done by this Task Force, including the framework it developed, is being incorporated in other BC Identity Management initiatives including BCeIDng.