Since our previous blog, we have been building and reviewing some guidance around supporting assisted digital users through GOV.UK Verify.
Here are some areas for service teams to consider when developing their assisted digital support.
1. Data and privacy considerations
Each service has its own approach to data protection risk management and may enter data on behalf of the user where necessary. During GOV.UK Verify, keying in information on behalf of the user is only acceptable if:
- the user is present and
- the GOV.UK Verify one time credential is in the possession of the user, even if they just read/hand over the token to the assisted digital provider and
- none of the information is stored or reused for any other purpose.
Face to face
If your service provides face to face support, users should type in their own information where possible. If the user cannot do this, a provider may need to type in this information on their behalf as long as the user is present.
Telephone
If your service provides telephone support, users must type in their own information. Support providers may help to talk through the journey, but cannot key in information on behalf of the user (ie. take over the transaction).
This means the user has to have access to a computer or device - users without any access will not be able to use GOV.UK Verify.
As part of the GOV.UK Verify journey, the user will leave GOV.UK and go to their chosen certified company’s page. Services may be able to support users through this part of the journey but must not ask for the name of a user's chosen certified company outright, to maintain privacy. Users may voluntarily share information about their chosen certified company with a service so they can be best supported - this is acceptable as long as the information given is not stored by the service or reused for any other purpose.
2. What users will need to complete GOV.UK Verify
Here are some examples of the information users may need to complete GOV.UK Verify:
- an email address and access to a mobile or landline phone (this should be their personal mobile and landline)
- their valid UK or European passport or identity card
- their valid UK photocard driver's licence
- their bank, mortgage or credit card statements
- their utility company account
- their full and continuous address history covering the past 5 years
- know whether they are on the electoral register and at what address
3. Technical support provided by certified companies
GOV.UK Verify certified companies have technical support services for users - their contact numbers are displayed in their user journey.
However, a user may call the service they are trying to use rather than the certified company, so general support provided by services for GOV.UK Verify is encouraged to ensure users are redirected as little as possible.
4. Offline identity authentication routes
Some users will fail to be verified by a certified company and may need an alternative route to access your service.
An alternative offline service will be necessary for users who can't use GOV.UK Verify such as thin file users. Thin file users include people:
- under the age of 19
- who have been in the UK for less than 12 months
- without a UK or European area passport and a current driver's license
Services currently authenticating users without using GOV.UK Verify, could continue using existing methods for those who fall into the categories above.
Follow Assisted Digital and don’t forget to sign up for email alerts.