Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital world.
Digital trust is given to companies who have shown their users they can provide safety, privacy, security, reliability, and data ethics with their online programs or devices.
Beyond mitigating data privacy issues, digital trust leaders are also 2.1 times more likely to mitigate data retention risks. Having trustworthy data allows companies to use their data wisely to make informed decisions in response to their present state, the marketplace and current or anticipated concerns.
Failures related to digital technologies, from artificial intelligence to connected devices, from the security of personal information to algorithmic predictions, have eroded confidence at an unprecedented scale and rate. Surveys have also registered a decrease in trust in science and technology, a trust gap that is growing year on year, just as reliance on digital networks and technologies is accelerating.
The European Union’s upcoming General Data Protection Regulation (GDPR) will affect every organisation around the world that handles personal data for EU residents. The regulations will also inform data protection laws and corporate trust-building strategies elsewhere.
The UK government is developing a ‘digital identity and attributes governance framework’ for the future use of digital ID. The framework is part of a project to create a digital ID process that can be used as an alternative to physical ID such as passports or bank statements.
Planned government legislation will aim to create a digital ‘trust framework’ to oversee a robust accreditation and certification process by which organisations can prove their adherence to the rules of the trust framework; enable a legal gateway between public and private sector organisations for data checking and establish the validity of digital ID.
The government has highlighted that these measures would be relevant to legal processes that involve situations where proof of identity may be required multiple times.
The framework maps out standards and requirements that organisations must follow when using digital ID, including: having a data management policy that explains how they create, obtain, disclose, protect and delete data; following industry standards and best practice for information security and encryption; telling users if any changes have been made to their digital identity; having a detailed account recovery process where appropriate and notifying users if someone is suspected of fraudulently accessing their account or digital identity and following guidance on how to choose secure authenticators.
For guidelines around establishing digital trust, ‘Earning Digital Trust: Decision-making for Trustworthy Technologies’ presents an interdisciplinary view of what digital trust requires and how to make trustworthy decisions regarding the development or deployment of new technologies and digital services.
Existing standards and frameworks related to digital trust include:
ICO guidance on qualified trust service providers (QTSP)
NCSCs Cyber Assessment Framework (CAF)
ISO/IEC 27001:2013 Security techniques, Information security management systems requirements
