05 March 2019

10 things you need to know about digital identity

10 points on the what, how and why of digital identity

digital-identity

Click on image to download one-page PDF

1. A digital identity can arise in many ways…

At its core, a digital identity is a set of attributes that can allow an individual or entity to be represented in digital form in an online environment. It could even represent a thing.

2. …and take many forms…

A digital identity can take a myriad of forms, ranging government protocols to private solutions and “self-sovereign” products. Even a gaming “avatar” and a social media profile are forms of digital identity. Digital identity may be accessed via a card / device, username / password or via your biometric data – or a combination.

3. …with a variety of attributes.

The data may be verified by a government body, financial institution or other third party. Conversely, it may simply be self-certified, or even false. It may comprise basic details such as name, date of birth and identification number, or extend to much deeper information, such as medical history, preferences, behaviour and social graph data.

4. Creating a digital identity can be simple or complex…

A digital identity can arise organically from information provided and activities online or it can be purposefully produced.  Various technologies underpin these projects, including encryption, cloud, open API and/or blockchain.

5. …and it can be used in a variety of ways…

Digital identity can be used to facilitate identity authentication, digital signatures, rapid form-filling, regulatory compliance, data analytics and building cognitive systems. There are numerous current use cases, including Estonia’s e-identity programme, India’s “Aadhaar” scheme, and industry-specific applications such as Sweden’s “BankID”. The United Nations also deploys digital identity through the World Food Programme.

6. …including smart contracts and IoT.

Digital identities can help power smart contracts.  When attached to things, they are also especially useful for building the internet of things (IoT), and assisting with its effectiveness and systemic integrity.

7. It must meet legal and regulatory requirements.

Data privacy, cybersecurity, outsourcing, anti-discrimination laws and other local market expectations must be addressed. If digital identity has a “regtech” compliance aim, it must also be fit for that purpose.

For example, digital identity can only be used for AML/CTF purposes if it is accurate, reliable and up-to-date. Whether or not data meets these tests depends largely on its source. For example, if open API connects a digital identity with government-held data, it is far more reliable than self-certified information.

8. Digital identity does not come without risk…

The most significant risk is data breach, particularly where sensitive information is used. In particular, biometric data can make digital identity more secure, but if “stolen”, it cannot be “reset” as with a username and password. An individual’s fingerprint will always be their fingerprint.

9. …which can be mitigated but not eliminated…

Risk is minimised through proper design, diligence and documentation. Three-factor authentication, the use of open APIs to minimise the creation of “honey pots” of data, regulatory controls and well-drafted contracts are some of the key risk management tools.

Blockchain technology can also be useful, although one of its greatest advantages (immutability) can pose a barrier to privacy compliance if carelessly adopted. This means that legal and regulatory issues must be a part of its fundamental design.

10. …and responsibility must land somewhere.

The use of digital identity needs a robust statutory and/or contractual liability model to address complaints, civil claims and other consequences arising from the misuse, loss or unreliability of data.

Importantly, it is not always possible to contract out of all liability. Regulators also often take a dim view on exclusions that unfairly affect customers. Reputation risk is particularly critical to manage, as digital identity is fundamentally predicated upon trust.

Key contacts

Digital Intelligence

Digital innovation will be a game changer across a wide variety of industries globally. Our Digital Intelligence hub contains a number of resources to help you embrace and face digital disruption head on.

Digital Intelligence

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter Share on Google+
    You might also be interested in

    We discuss 5 things you need to know after removal of investment quota under (R)QFII.

    19 September 2019

    We summarise the Hong Kong Association of Banks’ latest FAQs on some thornier AML/CFT compliance issues.

    06 August 2019

    With more concerns about enforcing the PRC Property Law (article 219), certain default rules are recently published under our advisory experience.

    26 July 2019

    The Hong Kong SFC recently issued two circulars to clarify the requirements for online account opening by licensed corporations.

    11 July 2019

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.