Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what steps they are taking to address security issues in the One Login digital identification system.

GOV.UK One Login follows the highest security standards for government and private sector services. As the public rightly expects, protecting the security of government services and the data and privacy of users to keep pace with the changing cyber threat landscape is paramount.

Security best practice is followed with a number of layered security controls which include: Security clearances for staff with ‘Security Check’ clearance required for all developers with production access; Identity and access management controls that block staff from viewing or altering personal information; A secure by design and compartmentalised system architecture; Technical controls around building and deployments; Logging and monitoring to alert on access to environments that contain personally identifiable information; and robust procedures for addressing any unauthorised or unaccounted for access.