HK eID to support private services

HK eID to support private services

HK eID to support private services Secretary for innovation and technology Nicholas Yang last week joined the Legislative Council responding to questions regarding the electronic identification (eID) system, which is expected to launch in 2020.

The eID system, announced in the 2017 Policy Address, will act as a single digital identity and authentication system that residents can use to access most government services requiring authentication.

In a written respond to a question raised by Legco member Charles Mok, Yang said the government also plans to actively promote the use of eID in services and products developed by private sector organizations.

Likewise private sector stakeholders will be consulted along with relevant government departments and public sector organizations during the design of the system, which will be built to provide the flexibility to supports services provided by public and private organizations in future, Yang said.

As part of this process, the project leaders plan to consult the Legislative Council Panel on Information Technology and Broadcasting in the first quarter of next year.

After this consultation, funding approval will be sought from the Finance Committee and a tender will be launched.

To reflect Hong Kong's high mobile device adoption levels, eID will be used in a virtual form on mobile applications or other online platforms. It will not use a smart ID card as a carrier so it is not constrained by the limitations of using card readers and computers.

eIDs will be provided on an opt-in basis. To ensure privacy and foster confidence in the system, eIDs will be protected by the latest security and encryption measures.

 

Privacy and security risk assessments will be conducted during the design, development and testing stages, and regular assessments will be held after the launch. Other post-launch security measures will include the development of incident response mechanisms and related measures, as well as continuous monitoring for network security vulnerabilities and threats.

Read more on