Identity and its management is now an integral part of web based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. High profile security breaches, the spread of online criminality and identity theft have led to increased focus on the design and implementation of sound identity management systems. Virtualisation of data not only raises issues concerning security. As identity management systems assume functionally equivalent roles like authentication, accreditation and determining access, their significance for privacy cannot be underestimated. The Center for Democracy & Technology (CDT) has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between "identity" conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus relating to the standards applicable to existing and new information communication technologies. The Data Protection legislation provides the basis for achieving an optimal balance between security and privacy concerns. The conclusion however is that securing compliance with the legislation will prove to be the biggest governance challenge - standard setting and norms will go some way to ease the need for centralized regulatory oversight.
- privacy; identity
Available at: http://works.bepress.com/rebecca_wong/7/