Management of Personal Data

Proposing a solution for the individual to regain control of their identity in today's unregulated and unsecured digital domain

The Problem

I. The identity of an individual can be taken as the sum total of the information that uniquely identifies the individual and allows the individual to transact in a social and commercial environment.

II. Historically that identity was held as paper documents maintained by government organizations and by certain commercial organizations. Verification was done using photographs and the verification of documentations by Notaries.

III. As many aspects of the identity are now held in electronic format and the ease of which paper documentation is produced from those electronic forms, the historic system of identity verification is now highly vulnerable.

IV. This is evidenced by the increase in identity theft and resulting commercial fraud. As internet access is becoming ubiquitous and commercial transactions are rapidly moving to internet based business, the risk of an individual's identity being stolen can only increase. Hacking, phishing, virus attacks and other methods of obtaining identity information are on the rise and are poorly protected by PGP systems.

V. Less fraudulently but no less significant is the rise in direct marketing activities, to the extent that not only are they becoming a nuisance to the individual, but the return on investment is now making it infeasible to engage in unsolicited direct marketing as even though many electronic activities are free, the damage done to brand and reputation can mean negative returns on investment.

VI. In the world of direct marketing, key aspects of the individual's identity are now being traded daily on marketing lists, without any controls on accuracy or on who is involved in the trading. Not only are identities being traded on bona-fide marketing lists, but are also being traded for fraudulent use.

To summarize, the identity, assets and privacy of the individual are increasingly at risk in an unregulated and unsecured system.

How these issues are addressed today

Identity Theft Protection and Recovery solutions are being offered by many companies. These comprise credit checking and monitoring, credit card usage verification, single use credit card numbers, ID theft hotlines and credit score recovery programs. These solutions are ˜after the event" attempts at recovery, even those pro-active credit and card usage monitoring solutions will take effect once the identity has already been stolen. No system will lock down the identity prior to it being stolen. These solutions are in effect the credit scoring companies making a buck out of flaws in their systems - without a credit-score, the concept of identity theft would not exist.

Biometric validation systemsare on offer, where individuals are implanted with chips or biometric credentials are taken and maintained for future checking. This system alone is insufficient to ensure protection of identity, but it will be a requirement to uniquely identify an individual before a transaction can be performed. As a solution it does nothing to hold aspects of the identity other that those required to verify the person is who they say they are.

Universal Single-sign on mechanisms attempted to centralize the electronic identity and its management using an online passport system. This is flawed because it fails to recognize that individuals will not trust management of their identity to a single organization. It also failed to recognize that individuals already have aspects of their identity held by parties that the individual trusts

The Telephone Preference Service and other "Do Not Call" listings offer to protect the individual that registers with them by ensuring that all organizations engaging in unsolicited direct marketing activities filter their contact lists using the list of individuals who have a blanket opt out clause. Government legislation in many countries supports this system. This has failed because not all organizations have agreed to abide by this system, especially those organizations who are set up temporarily. The system has failed to recognize the lack of regulation on direct solicitation and the inability to enforce any legislation. Boxbe is attempting to fix the email aspect of this problem by providing secure inboxes.

The Liberty Alliance is a consortium of financial products providers and technology suppliers. This consortium is creating a set of protocols whereby financial transactions can be reliably authenticated. This solution has not been fully taken up yet and does provide more security than is available today. Although today's implementations provide such security to financial transactions and eGovernment, yet are not going so far as to address marketing information or the process of solicitation.

"One click ordering" as patented by maintains the aspects of an individual’s information sufficient to perform a complete transaction. It allows the individual to maintain their details and ensure their accuracy. . Many organizations will now hold details and will allow access via a password and user id. This solution functions well as long as the provider runs a scheme such as this, however, rather than securing and protecting an individual's identity, it opens up the opportunity for theft by making access to critical details as simple as guessing a password.

Various payment systems such as PayPal, Google Checkout or debit card accounts set up expressly for online purchase will allow users to deposit money and use this for online transactions thereby limiting exposure. PayPal offers a greater level of protection to the seller rather than the buyer. Debit card accounts will indeed limit exposure, but the account will still be unlocked with the limited security of passwords and usernames.

In short, there is no single or organized solution that fully addresses the security and privacy issues created by aspects of the identity being held in a system without controls or protection.

A Federated Personal Portal as a solution

1. The individual's identity consists of three information types: Core Personal Information, Transactional Information and Profile Information.

2. A Personal Portal will contain Core Personal and one or both of Transactional and Profile Information.

3. An individual will have one or more Personal Portals, these will be maintained by organizations that are designated Portal Hosts.

4. The designation is part of an agreement to abide by a set of rules, standards and conditions regarding the storage of and access to information held within Personal Portals.

5. Core Personal Information is the property of the individual and will be maintained by the individual at all times.

6. As part of the hosting agreement, the individual will grant access rights to the Portal Host, however, will be able to explicitly specify level of access and usage.

7. This information is identical across all Personal Portals "owned" by the individual and will be held in a standard data schema to allow any Portal Host to be able to access it with no translation.

8. Core Personal information will propagate from the point where it was last modified across the network of Personal Portals "owned" by an Individual. A Portal Host will always check the network of Personal Portals for any Individual for updates to Core Information prior to

9. Transactional Information is the property of the Portal Host and represents the detail records of transactions carried out on behalf of the individual by the Portal Host (e.g. Call Detail Records for a telecommunications provider or Credit Card Transactions for a Credit Card Issuer).

10. The individual is able to see but not amend the Transactional Information. If it appears incorrect, then there is a negotiation between the Individual and Portal Host to amend the information (in a process similar to querying a line item on a bank statement).

11. As per the hosting agreement, the Portal Host is able to use Transactional Information for internal purposes.

12. When an organization is designated as a Portal Host, it must declare its internal scope. The internal scope defines the type and context of use for Transactional Information.

13. Profile Information is created by summarizing transactional information and applying various analysis techniques to Transactional Information. The user's Core Personal Information is taken, used to identify characteristics of the user (perhaps by filtering or overlaying with demographic information) and the Profile Information derived.

14. The Individual is able to view and set overrides on aspects of Profile Information. These overrides will determine how Marketers communicate and transact with Individuals.