The Legal Framework for Identity: How the Law Imposes a Duty to Verify Identity, and Regulates the ‎Operation of Identity Systems and Services

Numerous laws impose a duty on a business to verify the identity of a person it is dealing with, while ‎other law regulates the identity systems that seek to provide the needed identity data. What is that ‎law, where does it come from, and how does it affect IdPs, RPs, and others? This session will examine ‎the overall legal framework that in some cases requires, and in other cases governs identity ‎transactions and services.‎ This will include (i) an overview of the existing laws that impose a duty to identify, and the various ‎approaches they take, as well as (ii) a basic overview of the developing legal rules governing identity ‎systems and services, the manner in which they operate, and their impact on the responsibilities and ‎liabilities of the parties. At the same time, it will also consider where those laws come from, and the ‎ways in which they can be modified as necessary.‎ This session will also provide an overview of newly emerging laws and legal initiatives that govern ‎identity at both a domestic and global level, the directions they are taking, and the impact they are ‎likely to have on shaping the identity ecosystem. Finally, the session will examine how the law can be ‎used to facilitate trust in identity transactions and interoperability between identity systems.‎