Thanks for that. My interest in this comes from pensions angle. Pensions dashboards are meant to be available in a couple of years ie people can log in to a dashboard and see all their pensions in one place. They have chosen one login as the identity provider so once user has logged in, the dashboard will have all the Id information that…
Thanks for that. My interest in this comes from pensions angle. Pensions dashboards are meant to be available in a couple of years ie people can log in to a dashboard and see all their pensions in one place. They have chosen one login as the identity provider so once user has logged in, the dashboard will have all the Id information that returns to use to match up to pension records. Pension schemes are required to record NINO so I was surprised when I looked at the standards to see that was missing. Without that, the dashboard is going to have to use other data - basically name and address to try to match up to pension records which will be less reliable.
Instinctively the NINO feels like a good, unique way for public services to identify people in the UK, and it was common for a long time - but recent guidance has highlighted some reasons not to rely on NINO. If you want some especially dry bedtime reading, there's GPG 45...?
Also the pensions dashboard ecosystem is quite complex, so I worry there may be some organisations involved which don't necessarily collect NINOs.
(Personally I think that an earlier GPG, in the CESG era, was partly responsible for torpedoïng Government Gateway, and setting back online public services by years - but times have changed)
Thanks for that. My interest in this comes from pensions angle. Pensions dashboards are meant to be available in a couple of years ie people can log in to a dashboard and see all their pensions in one place. They have chosen one login as the identity provider so once user has logged in, the dashboard will have all the Id information that returns to use to match up to pension records. Pension schemes are required to record NINO so I was surprised when I looked at the standards to see that was missing. Without that, the dashboard is going to have to use other data - basically name and address to try to match up to pension records which will be less reliable.
Instinctively the NINO feels like a good, unique way for public services to identify people in the UK, and it was common for a long time - but recent guidance has highlighted some reasons not to rely on NINO. If you want some especially dry bedtime reading, there's GPG 45...?
https://www.gov.uk/government/publications/identity-proofing-and-verification-of-an-individual/how-to-prove-and-verify-someones-identity
Also the pensions dashboard ecosystem is quite complex, so I worry there may be some organisations involved which don't necessarily collect NINOs.
(Personally I think that an earlier GPG, in the CESG era, was partly responsible for torpedoïng Government Gateway, and setting back online public services by years - but times have changed)