Digital Identity Trust Framework
The Digital Identity Trust Framework is a regulatory framework that will set out rules for the delivery of digital identity services.
The trust framework will address gaps in regulation and assist the development of trusted, people-centred digital identity services.
The framework applies to service, technology and information providers. It includes supporting governance, accreditation and legal enforcement mechanisms.
Five proposed components
The trust framework is proposed to have 5 components: accreditation, legal enforcement, governance, participants and rules. These relate to creating the legal framework for the Trust Framework Bill and developing the rules:
Creating the legal framework:
- Accreditation — establishing a body to accredit participants and a mechanism to demonstrate accreditation
- Legal enforcement — establishing mechanisms to make the rules legally binding upon accredited participants
- Governance — establishing a governing body to update and maintain the Trust Framework’s rules.
Developing the rules for how the system will work:
- Participants — defining the participants in a trusted digital identity system and the roles that they will play
- Rules — the standards and legislation participants will abide by, with a focus on identification, privacy and security. These may be existing or in development.
Developing the rules
The rules will cover 5 key categories:
- Identification management — defining how a user can be identified and authenticated so that they may have access to systems and services.
- Information and data management — defining how information is administered and determining the use, management, and protection of data.
- Security and risk management — reducing and mitigating risks relating to the creation and sharing of information in a digital manner.
- Privacy requirements — includes the incorporation of requirements under the Privacy Act 2020.
- Sharing tool requirements — includes consideration of the consent and delegation models to be used.
The rules will be further defined by referencing existing standards and some that are under development. This includes the Identification Management Standards.
Te Ao Māori and Te Tiriti o Waitangi perspectives and requirements will be embedded in each category.
To help ensure a trusted environment that works for all participants, the Digital Identity Programme encourages collaboration among the public and private organisations that will be responsible for delivering parts of the infrastructure.