Data Privacy: Put ASHs in the bin

Filed under: Governance,Privacy,Technology — lenand @ 10:25 pm

There’s a consultation about the regulations for protecting personally identifiable data. The government proposes allowing a number of local organisations to create secure Accredited Safe Havens (ASHs). They will have access to information from peoples’ personal care records, which could be used to identify an individual.

The consultation assumes that such data needs to be transferred into an ASH. Quarkside suggests an alternative that is inherently safer: instead of moving data to an ASH, it stays put in a Personal Data Store (PDS). A PDS resolves the consent problem by releasing data for analysis only with the personally identifiable attributes removed. This could be controlled by Mydex.

The back of a beer mat design goes something like this:

  • People control their own health and care records in a suitably encrypted data store.
  • Data is held in 5* format in triple stores and using URIs appropriately (ask Sir Nigel Shadbolt how to do it).
  • Explicit consent has to be given for the extraction (or viewing) of any attribute. Any data that could lead to identification is thus stopped at source. The consent could also be given by an Accredited Data Attorney (ADA). An ADA could be the person themselves, or any single person who has been trusted to give consent to release data for sharing purposes.
  • If an Accredited Data Processor (ADP) wishes to use anonymised data, then temporary rights are given by the ADA. Data may be given an expiry period after which any copies of the source data are destroyed. The ADP would be allowed to store summarised data for analytical purposes.
  • Any joins of personal data are done within the domain of the PDS, and the method of performing those joins is hidden from the ADP. This reduces the risk of loss of privacy. If you go back to the principles of FAME you will see the nine principles that can make this work. The Identity Management problem is solved at source. Sharing data from multiple agencies is logically performed in an infrastructure that is like a walled garden.
  • Each time data is released to an ADP, the source identity is irreversibly hashed by the ADA. The regulations would be so much simpler to implement.
  • The ADA can release personally identifiable data to multiple agencies, such as health and social care. Again this must be time limited and the agencies would be obliged to destroy data, without any rights to store archives that contain personally identifiable data. A PDS is the repository for health and social care records.
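The beer-mat design above can be made concrete in a few dozen lines. The following is an added example, not code from the Quarkside post or from Mydex: a toy PDS in which the ADA records explicit, time-limited consent per ADP, releases only the consented non-identifying attributes, and replaces the identity with an HMAC-SHA256 pseudonym keyed with a fresh random key that is thrown away after each release. The class and attribute names, the records and the `DIRECT_IDENTIFIERS` list are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample records held in citizens' Personal Data Stores (not real data).
RECORDS = {
    "person-001": {"name": "A. Example", "date_of_birth": "1961-04-02",
                   "age_band": "60-69", "postcode_area": "NR1", "condition": "asthma"},
    "person-002": {"name": "B. Example", "date_of_birth": "1988-11-30",
                   "age_band": "30-39", "postcode_area": "NR2", "condition": "none"},
}

# Attributes that never leave the PDS in an anonymised release, whatever the consent says.
DIRECT_IDENTIFIERS = frozenset({"name", "date_of_birth", "address", "email"})


@dataclass(frozen=True)
class Consent:
    """Explicit, time-limited consent recorded by the ADA for one ADP (hypothetical model)."""
    person_id: str
    adp: str
    attributes: frozenset
    expires_at: int  # unix time after which the ADP must destroy its copy


class PersonalDataStore:
    def __init__(self, records):
        self._records = dict(records)
        self._consents = {}

    def grant(self, person_id, adp, attributes, expires_at):
        """ADA grants an ADP temporary rights to named attributes of one person."""
        self._consents[(person_id, adp)] = Consent(
            person_id, adp, frozenset(attributes), expires_at)

    def release(self, adp, now):
        """Return (rows, destroy_by) for one ADP at time `now`.

        Identity is replaced by an HMAC-SHA256 pseudonym keyed with a fresh random
        key that is discarded after the release: without the key the hash cannot be
        reversed, and two releases cannot be joined on the subject column.
        Any join across people's records therefore has to happen inside the PDS.
        """
        release_key = secrets.token_bytes(32)
        rows, destroy_by = [], None
        for person_id, attrs in self._records.items():
            consent = self._consents.get((person_id, adp))
            if consent is None or consent.expires_at <= now:
                continue  # no consent, or consent lapsed: nothing leaves the store
            allowed = (consent.attributes & set(attrs)) - DIRECT_IDENTIFIERS
            pseudonym = hmac.new(release_key, person_id.encode(), hashlib.sha256).hexdigest()
            rows.append({"subject": pseudonym, **{k: attrs[k] for k in sorted(allowed)}})
            destroy_by = consent.expires_at if destroy_by is None else min(destroy_by, consent.expires_at)
        return rows, destroy_by


if __name__ == "__main__":
    pds = PersonalDataStore(RECORDS)
    pds.grant("person-001", "research-adp", {"age_band", "postcode_area", "name"}, expires_at=2000)
    pds.grant("person-002", "research-adp", {"age_band", "condition"}, expires_at=1500)
    rows, destroy_by = pds.release("research-adp", now=1000)
    for row in rows:
        print(row)
    print("ADP must destroy copies by", destroy_by)
```

Two design points carry the privacy argument: a consent that names `name` still does not release it, because the identifier filter sits in the store rather than in the consent; and the release key is never stored, so the ADP holds an unlinkable pseudonym while the ADA, who performed the release, remains the only party that could ever have joined the data.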

Big data technology has advanced to the stage where this has become possible. Give control of sharing to the citizen. Acknowledge that people have ownership rights to their data, even if it is collected and stored by the NHS (or any other ADP). If you don’t create ASHs, you don’t need to regulate them.


Your email is watching you.

Filed under: Privacy — lenand @ 7:33 am

Conferences come and go. It is a valuable business for organisers and a useful channel for suppliers. Both rely on attracting the best-shod feet through the door. Imagine the surprise on seeing:

“We have noted that you appear to have not opened the joining instructions sent to you – therefore we have sent this email as plain text so hopefully it will get through. If you have already received and read the joining instructions then please disregard this email.”

The technology has been around since the last century, but it had gone into rarely visited long term memory archives.  So, if you want to do it yourself, try the charmingly named SpyPig.  If you follow this link, it gives you your current IP address and some unintelligible Internet Service Provider details.
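What the conference organiser saw is the classic open-tracking beacon: a remotely fetched image whose URL carries a per-recipient token, so the moment the mail is rendered the sender learns the reader’s IP address and the time. The scanner below is an added example, not code from the post or from SpyPig; it uses only the Python standard library, and the sample HTML message, its hosts (`conf.example`, `track.example`) and the scoring rules are constructed for the illustration. It reports every remote image in a mail body and flags the ones that look like beacons (1×1, hidden, or tokenised), which is the information a mail client uses when it decides to block remote content by default.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a joining-instructions email with a logo and a beacon image (not a real message).
SAMPLE_EMAIL_HTML = """
<html><body>
<img src="https://conf.example/logo.png" width="200" height="50" alt="Conference">
<p>Your joining instructions are attached.</p>
<img src="https://track.example/open.gif?recipient=a1b2c3" width="1" height="1" style="display:none">
<img src="cid:inline-map@example" width="300" height="300">
</body></html>
"""


def _is_tiny(value):
    """True for a width/height attribute of 0 or 1 (px)."""
    if value is None:
        return False
    try:
        return int(str(value).strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False


class RemoteImageScanner(HTMLParser):
    """Collects every remotely fetched <img> and scores it as a likely open-tracker."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        # Only http(s) sources cause a fetch when the mail is rendered; cid:/data: do not beacon.
        if not src.lower().startswith(("http://", "https://")):
            return
        parsed = urlparse(src)
        style = (a.get("style") or "").replace(" ", "").lower()
        tiny = _is_tiny(a.get("width")) and _is_tiny(a.get("height"))
        hidden = "display:none" in style or "visibility:hidden" in style
        # A per-recipient token in the query string is what ties the fetch to one reader.
        tokenised = bool(parsed.query)
        self.findings.append({
            "src": src,
            "host": parsed.hostname or "",
            "tiny": tiny,
            "hidden": hidden,
            "tokenised": tokenised,
            "tracking_likely": tiny or hidden or tokenised,
        })


def scan_email_html(html):
    """Return the list of remote-image findings for one HTML mail body."""
    scanner = RemoteImageScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def tracking_hosts(html):
    """Hosts that would learn the open time and IP address if remote images were loaded."""
    return sorted({f["host"] for f in scan_email_html(html) if f["tracking_likely"]})


if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE_EMAIL_HTML):
        print(finding)
    print("likely trackers:", tracking_hosts(SAMPLE_EMAIL_HTML))
```

The plain-text fallback the organiser mentioned is the other half of the story: with no HTML there is nothing to fetch, which is exactly why their beacon had reported the first message as unopened.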


Email leaks continue

Filed under: Governance,Privacy,Security — lenand @ 6:42 am

The technique of allocating a unique email address to each supplier was discussed two years ago, and Quarkside reported an incident of a company failing to keep an email address private. That company would not hit the headlines; however, my latest example surely would. This is the story.

I started receiving unsolicited emails from a Big C company. They used an address which I reserved for communications with a Big M company. They were never given permission for it to be given to any third parties. I asked Big M for the source of Big C obtaining my email address, asking for any evidence that it had been leaked or that I had inadvertently given permission to share it.

Understanding the possible reputational damage to Big M, I exchanged half a dozen emails via their internal channels and received no explanation nor apology. Their final stance was for me to report the incident to http://www.actionfraud.com. I did not think it was appropriate as they do not have the resources nor justification to handle such an apparently trivial case.

I also asked Big C for an explanation; they said “Security is very important to us, and we will look into this issue carefully.” Needless to say, I heard nothing. However, talking to a Big C senior vice president, my advice was to forget all about it. I would only be regarded as an irritant and would not achieve any satisfaction from any Big company.

Both Big M and Big C should take such complaints more seriously. If there is a breach of email contact databases, then here is some evidence that might help them to trace the source. Another possibility is that an employee, present or past, has copied some email addresses for commercial purposes. In either case, Information Governance processes should lead to an internal investigation, not a hand-off to ActionFraud or a vacuous email reply.


eBay unfriendly to use of gmail as email consolidator

Filed under: Privacy,Security — lenand @ 9:49 am

Unfriendly eBay sent this to me.

Oops. We weren’t able to send your message to XXXshop, because the email address you used to send this message, XXX@gmail.com, isn’t linked to your eBay account. 

To keep eBay safe, we need you to send messages from a registered eBay email address. This will prevent your messages from being blocked in the future.

I have no wish to record my gmail account with anybody other than Google.  It’s part of my Spam identification mechanism.  I give every supplier their own email address for me to track down misuse, such as passing on details to a Spam generator.  It has worked, to the embarrassment of a major software company.

Does it really make eBay any safer if it blocks unregistered addresses? They know who I am.
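The per-supplier address scheme described in the “Email leaks continue” post and again here is only useful if the mapping from alias back to supplier is kept and checked when unexpected mail arrives. The code below is an added example, not Quarkside’s own tooling: it parses a raw message with the Python standard library, looks each recipient alias up in a registry of who it was issued to, and flags a “possible leak” when the sender’s domain is not one the alias was handed out for. The registry, the `.example` domains and the sample message are constructed; the Big M / Big C naming follows the post.

```python
import email
from email.utils import getaddresses, parseaddr

# Constructed registry: each supplier was given its own inbound address (not real addresses).
ALIASES = {
    "bigm-2011@example.net": {"issued_to": "Big M", "domains": {"bigm.example"}},
    "shop-7734@example.net": {"issued_to": "XXXshop", "domains": {"xxxshop.example"}},
}

# Constructed unsolicited message arriving at the address reserved for Big M.
SAMPLE_RAW_MESSAGE = """\
From: Big C Marketing <promo@bigc.example>
To: <bigm-2011@example.net>
Subject: Special offer
Content-Type: text/plain

Dear customer, ...
"""


def trace_recipients(raw_message, aliases=ALIASES):
    """Map each recipient alias back to the supplier it was issued to.

    Verdicts: 'expected sender' when the From domain is one the alias was issued
    for; 'possible leak' when mail to that alias arrives from anyone else;
    'unknown alias' when the address was never issued.
    """
    msg = email.message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    results = []
    for _, addr in pairs:
        alias = addr.lower()
        issued = aliases.get(alias)
        if issued is None:
            results.append({"alias": alias, "issued_to": None,
                            "sender_domain": sender_domain, "verdict": "unknown alias"})
            continue
        verdict = "expected sender" if sender_domain in issued["domains"] else "possible leak"
        results.append({"alias": alias, "issued_to": issued["issued_to"],
                        "sender_domain": sender_domain, "verdict": verdict})
    return results


def leaked_aliases(raw_message, aliases=ALIASES):
    """Aliases whose issuing supplier now needs to be asked how a third party got them."""
    return [r for r in trace_recipients(raw_message, aliases) if r["verdict"] == "possible leak"]


if __name__ == "__main__":
    for result in trace_recipients(SAMPLE_RAW_MESSAGE):
        print(result)
```

The verdict is a lead for the complaint to the issuing supplier, not proof of where the address went: a From header is trivially forged, so the alias itself (which only one supplier ever received) is the evidence, and the sender domain merely says who is using it now.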


Data Protection: MoJ ignores most of the public sector

Filed under: Governance,Politics,Privacy — lenand @ 8:53 am

The Ministry of Justice has called for evidence on the EU Data Protection Proposals. They are seeking the views of “data controllers and data processors, rights groups and information policy experts or anyone with a professional or personal interest in data protection”. Quite right – they have asked over 150 organisations to answer a lengthy questionnaire. They have selected an eclectic mix of companies from Abbey Quilting Limited to Yahoo! Many are understandable, such as No2ID and the Information Commissioner’s Office. It is the omissions that are mysterious:

– Virtually no central government departments have been asked. One would expect HMRC and DWP to have some evidence – not just the DVLA.

– No representative organisation from local government, such as Solace, LGA or Socitm.  But there are a few individual local authorities such as Norfolk County Council.

When these organisations collectively record personal data for every single citizen, surely they should have been asked.  It is not an issue of politeness – but politics and policy.  Information governance must include the key stakeholders – not just an apparently random selection.

Right to be forgotten: Is it practical?

Filed under: Governance,Politics,Privacy,Process,Risk — lenand @ 8:08 am

The reform of the EU’s data protection framework has an explicit requirement that obliges online social networking services (and all other data controllers) to minimise the volume of users’ personal data that they collect and process.  Furthermore, data controllers must delete an individual’s personal data on request – assuming there is no other legitimate reason to retain it.

One wonders if this also applies to back-up and archive files. The best organisations may be able to trawl through history, selectively remove personal records and produce an audit trail to prove it. It may start messing up statistical reports – but that is a minor problem when most public sector organisations do not have information governance processes capable of tracing individuals – let alone removing all traces of them.


Liam Maxwell: One year later

It is more than a year since Liam Maxwell’s “Better for Less” was published. What has been achieved from the 69 pages of ideas? It obviously made the right impression, because he is now working in the Cabinet Office in a one-year appointment from September 2011.


“Our goal should be to deliver to the online population frontline public services with minimal, possibly zero, administrative cost, freeing up cash for more effective, intermediary-based, service delivery for those not online, and also as savings. This is already happening in some areas of local government and driving taxes down. It is happening in other countries, making service delivery better. It is time the biggest component of the British economy, its bloated state, started to learn these lessons.

How does it work? 5 principles underlining all IT in government

We base our approach on a small number of core principles:

1) Openness

a. Open Data – government data must be transparent
b. Open Source works – its concepts should be applied to processes as much as to IT
c. Open Standards will drive interoperability, save money and prevent vendor lock-in
d. Open Markets – competition creates efficient market-based solutions.

2) Localism – the centre may set the standards, but local deployment is best.

3) Ownership and Privacy

a. It’s our data, government can have access but not control over personal data.
b. Government should be accountable for data protection and proper use.

4) Outcomes matter more than targets.

5) Government must be in control of its programmes, not led by them.”

Let’s look to see how successfully the principles have been incorporated into the Government ICT Strategy.

1. Open data, open standards and open source are clearly stated objectives. And open markets are part of the procurement objective.

2. Localism does not get a mention, according to word search. This is a gaping hole, but perhaps Liam will explain this when he speaks at the SOCITM conference in November.

3. Alarmingly, neither “privacy” nor “data protection” appears anywhere in the strategy. The objective for “Risk Management Regime” has implied elements for both, but the metrics concentrate on system security – not anything based on citizen data protection.

4. Outcomes are potentially the most important gap in the strategy. There’s too much concentration on internal, central government processes. The four objectives for using ICT to enable and deliver change are not really focussed on citizen outcomes.

5. Governance of programmes is an implicit role for the “Public Expenditure (Efficiency and Reform) Cabinet sub-committee (PEX(ER))”. There are twelve senior people named, with representatives from MOD, MOJ, HMRC, HO, DoH, DWP and Cabinet Office. That should be enough people. However, Quarkside thinks that UK plc should also have representation from departments with responsibility for improving the ICT skill base of the country. Shouldn’t DfE and BIS have something useful to contribute? And if localism is really important, why doesn’t DCLG have a place on the high table?

Quarkside gives “Better for Less” 40 marks out of a possible 100 for influencing the agenda. In the old days, this was a ‘Pass’ at A level. So not too bad. However, it would not have secured you a place in one of the top universities.


Secure money saver

How many confidential or official documents must be sent by post? Bank statements, payslips, licence renewals, invoices,… Why can’t they be sent electronically? The over-riding reason is to guarantee a real address.

The “Private and Confidential” sticker is irrelevant once it has been delivered to the household, but the sender has done as much as they can – or have they? Shouldn’t the recipient have the choice of asking for such documents to be sent to a secure, encrypted, email inbox?

The benefits to the recipient are:

  • Password, or token, protection to keep mails private and confidential.
  • Correspondence filed electronically
  • Readable from any location
  • Fewer paper cuts

The benefits to the sender, often public sector organisations, are far greater:

  • Reduced postal charges; 12 payslips a year must cost at least £2. That’s £2000 if you have a thousand pension payments to make.
  • Guaranteed delivery; there’s an audit trail to see if a document has been delivered and opened.
  • Interception free delivery and fewer non-delivery complaints to manage.
  • Ability to implement closed invoicing and payment processes with minimal intervention from administrators.

So here is a business proposition for the Local Authorities (LAs) or the Post Office. Offer citizens a free, secure, encrypted, email inbox on a GCloud service. Offer any public or private sector organisation a secure, encrypted, traceable, email service at a sustainable annual fee. Some citizens may also wish to subscribe to a secure Web-based outbox for replying to secure inbox messages, or even to initiate communications.

The key to success is to link a secure email address with a property and a person. Local Authorities have knowledge of the Unique Property Reference Number (UPRN) and at least one person responsible for paying Council Tax. They could minimise the risk of fraud by sanity checking the number of secure email accounts at each property. LAs must lead on this innovation. There’s lots of work to do on the detail, but the good thing is that there’s an Agile solution because the basic facilities are available out of the box. Quarkside is trialling them now.

At some time in the future, this service could stimulate interest from the Electoral Registration Transformation Programme (ERTP, IVR and EIR are among the abbreviations). You read it here first.


Register for Secure Emails

Filed under: Innovation,Local Government,Privacy,Security,Technology — lenand @ 12:16 pm

One of the benefits of networking events is that you come across interesting new products. Here is one spotted by Andrew Henderson.

It’s a secure email service, Regify.

  • It looks good for encrypted messages and traceable delivery.
  • It avoids the need for complex VPN, GovConnect or key infrastructure.
  • The web mail service seems fast enough.
  • Outlook users can have an add-in
  • Each recipient has to have an account, which is free and simple to enrol.
  • There’s a monthly charge for sending emails – but you can sign up for a free month to start you off.

Quarkside thinks that this would be an excellent Cloud based service for Local Authorities. They could send secure emails to enrolled citizens, suppliers, partners and service providers with a traceable guarantee of receipt. Some citizens might appreciate this as a free secure inbox service to them. Some citizens and suppliers might even be prepared to pay a subscription to send secure emails to Councils.

Security and accountability are high in the governance agenda and it could become part of the infrastructure for voter registration, Universal Credit and service requests. Is anybody else prepared to give it a try?


Staff supplied spam list

Filed under: Governance,Privacy,Security — lenand @ 9:12 am

Quarkside’s spam sleuthing helped to identify a person who is no longer employed by the respectable company. Prompt action was taken and a company-wide letter has been sent to all staff reminding them of their responsibilities under the Data Protection Act. I hope that the Information Commissioner has been informed.

The list was used to create spam.  How wide this has spread, only time will tell.  It was interesting that the spam led to a company that has “adopted a pioneering approach to the deployment of modern technologies such as MDM, yet couple this with a no-nonsense attitude to advice, governance and analysis.”  If this is a no-nonsense attitude to governance, then their internal processes are worthy of deeper inspection.  No-nonsense should not mean avoiding due diligence on sources of personal information.

