Our Verified Attribute Prototype is Built

For the last few months we’ve been working on a Scottish Government project to develop a prototype for the sharing of verified attributes. You can see the latest official announcement about this here.

Verified attributes are created when and where a responsible body has used robust processes to ascertain and/or check a fact about a person. Verified information about people (for example, their age, address or any number of other facts about them) is hugely valuable because, if the right ways of doing things are put in place, it can be used to get things done — and it can be used repeatedly, for many different purposes, without the need for the original information to be collected again or to be checked again.

Current approaches to data require such recollection or checking of data every time the information needs to be used. This forces citizens to jump through far too many time-consuming, frustrating and sometimes costly hoops — providing the same information again and again to the different bodies (often even to the same body); having to travel to far away locations to present paper documents so that someone can verify them, and so on.

It also adds costs and builds in delay for service providers because they have to go through an information-gathering and checking process before they can get on with the job at hand.

Being able to access verified attributes enables both citizens and service providers to cut both costs and risks. If these verified attributes can be shared and brought together to round out the information that is known about the person, it can be used time and again for different purposes (thus cutting costs and risks many times over). At the same time, as more of this information gets bundled together, the richer it gets, thus expanding the range of things that can be done with it.

But these benefits don’t arise automatically. Lots has to be done to enable them to flow. Here are some of the hurdles that need to be cleared for an ecosystem of verified attribute use to flourish.

• ways have to be found to ensure that the attribute is indeed verified (i.e. kept up to date and accurate). It’s no good saying that a person has a driving licence today if they were disqualified from driving yesterday.
• ways have to be found to find the right sources of these verified attributes and for them to share either the data itself or a verification that the data is correct. This needs to be done safely, efficiently and securely.
• ways have to be found to protect the privacy of those whose verified attributes are being stored or used. The solution we are working on is to store these attributes in the individual’s own personal data/attribute store that remains fully under their control: where only they can ‘see’ inside their data store, and only they can decide if information is to be shared, with who, for what purposes.
• ways for individuals to easily and effectively exercise this control, for example, via processes managing consents and permissions.

That’s what the Attribute Prototype we’ve been working on was focused on, and we’re happy to say it’s worked well. As the official blog says, “we have successfully developed a fully working prototype [which] has proven the technical feasibility and provided ample opportunity for testing the usability of the proposed service”.

Why is this important?

If we look across all of the different departments, functions and activities of the Scottish Government it is sitting on an invaluable data asset of verified attributes about citizens — data that could be used to radically reduce the costs of service provision while improving its quality: making services better and cheaper at the same time in ways that make life easier for citizens while empowering them with their own data.

The Attribute Prototype has shown that a strategy to achieve these benefits in Scotland is indeed doable. But lots more still needs to be done. For example standardised ways of describing the data (e.g. metadata about where it came from, who verified it, when, and so on) need to be developed. We need to develop data directories that help people find the data they need quickly and easily. Mechanisms of consent and the communications need further development. The process of consent should be so easy that it becomes intuitive while ensuring that citizens remain fully in control of their data, able to understand what they are doing and why.

We are confident that at least some if not all of these questions will be answered by the Smart Entitlement Strategy that we are also working on. We are also kicking off further co-design work with Digital Health Institute to find better answers to user journeys and consent processes. As the announcement says, this is a really exciting time. Developing these capabilities helps us enormously with the rest of our work on the ground with citizens and front line teams to improve specific services and citizen journeys. A real, achievable opportunity is emerging to make a profound, lasting change in the way personal data works for citizens and society.