NASCIO Releases Research Brief on the Privacy Implications of E-Authentication

NASCIO's privacy committee released yesterday, "Who Are You? I Really Wanna Know: E-Authentication and its Privacy Implications."

This research brief begins with background information on e-authentication, which is how states determine with an acceptable level of confidence if citizens are who they claim to be when conducting electronic transactions. It then provides state CIOs with potential privacy implications and unintended consequences of e-authentication.

When conducting a transaction with the state online, a citizen may need to provide the state with information, such as a name, address or even a Social Security Number or credit card number, for E-Authentication purposes. States must ensure that the privacy of that information is protected from those who are not authorized to see or possess it. This brief is intended to alert CIOs to the potential privacy implications for citizens' personal information that may arise within the context of e-authentication.

In addition to raising CIOs' awareness of the potential privacy risks of e-authentication, the brief also provides an overview of federal and state e-authentication activities and additional resources for those who want to learn more about this complex area of IT.