DR John Welford describes the similarities between concessionary bus passes and ID cards ("Open letter to readers: The Scottish identity card scandal, The Herald, June 6).

It would be appropriate for the Scottish Government to now review the privacy implications of these passes (National Entitlement Cards) and their associated Citizens Accounts.

Following well-publicised losses of large quantities of sensitive personal data by HM Revenue & Customs and other public bodies several years ago, the Scottish Government reviewed information security and data handling procedures.

Subsequently, it published new guidelines: The Identity Management and Privacy Principles (Privacy and Public Confidence in Scottish Public Service); an excellent set of principles which was well received and contributes to much good practice in the way that government agencies now design systems for storing and sharing personal data securely.

Unfortunately, National Entitlement Cards and Citizens Accounts were designed before these guidelines were written. The guidelines state that bus passes should prove entitlement without requiring the user to reveal unnecessary personal information, so age-restricted services should simply require proof of age rather than more detailed information; large centralised databases should be avoided; and persistent identifiers should not be shared between different systems. Scottish concessionary travel cards fail on all of these points.

It will undoubtedly require time and money to redesign smart bus passes to adhere to the Scottish Government's privacy principles. Meanwhile, concessionary ticket holders should be given the option of using old-fashioned, and cheaper, passes that simply confirm entitlement to travel on the basis of a photograph.

Dr Geraint Bevan,

NO2ID Scotland,

3e Grovepark Gardens,