Data Privacy: Put ASHs in the bin

Filed under: Governance,Privacy,Technology — lenand @ 10:25 pm

There’s a consultation about the regulations for protecting personally identifiable data. The government proposes allowing a number of local organisations to create secure Accredited Safe Havens (ASHs). These would have access to information from people’s personal care records, which could be used to identify an individual.

The consultation assumes that such data must be transferred into an ASH. Quarkside suggests that an alternative is inherently safer. Instead of moving data to an ASH, it stays put in a Personal Data Store (PDS). A PDS resolves the consent problem by releasing data for analysis only with the personally identifiable elements removed. This could be controlled by Mydex.

The back-of-a-beer-mat design goes something like this:

  • People control their own health and care records in a suitably encrypted data store.
  • Data is held in 5* format in triple stores and using URIs appropriately (ask Sir Nigel Shadbolt how to do it).
  • Explicit consent has to be given for the extraction (or viewing) of any attribute, so any data which could lead to identification is stopped at source. The consent could also be given by an Accredited Data Attorney (ADA). The ADA could be the person themselves, or any single person who has been trusted to give consent to release data for sharing purposes.
  • If an Accredited Data Processor (ADP) wishes to use anonymised data, then temporary rights are given by the ADA. Data may be given an expiry period, after which any copies of the source data are destroyed. The ADP would be allowed to store summarised data for analytical purposes.
  • Any joins of personal data are done within the domain of the PDS, and the method of performing those joins is hidden from the ADP. The risk of privacy loss is reduced. If you go back to the principles of FAME you will see the nine principles that can make this work. The Identity Management problem is solved at source. Sharing data from multiple agencies is logically performed in an infrastructure that is like a walled garden.
  • Each time data is released to an ADP, the source identity is irreversibly hashed by the ADA. The regulations would be so much simpler to implement.
  • The ADA can release personally identifiable data to multiple agencies, such as health and social care. Again this must be time limited and the agencies would be obliged to destroy data, without any rights to store archives that contain personally identifiable data. A PDS is the repository for health and social care records.
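As an added illustration (not part of the post, nor Mydex’s design), here is a toy Python sketch of the release step in the beer-mat design: the join happens inside the PDS, the ADA’s time-limited grant gates which attributes leave, identifying attributes are stopped at source, and the identity is replaced by an irreversible keyed hash. The records, attribute names and ADA key are all constructed.

```python
# Toy Personal Data Store (PDS) release step. Constructed example; the
# record contents, attribute names and key are not from any real system.
import hashlib
import hmac
import os
import time

# Constructed records held inside the PDS domain, keyed by the person's URI.
HEALTH = {"urn:person:1": {"name": "A. Citizen", "dob": "1950-03-02", "condition": "asthma"}}
SOCIAL_CARE = {"urn:person:1": {"name": "A. Citizen", "care_visits": 12}}

# Attributes that could lead to identification: never released to an ADP.
IDENTIFYING = {"name", "dob"}

# Secret held by the Accredited Data Attorney (ADA) only; constructed here.
ADA_KEY = os.urandom(32)


class ConsentGrant:
    """Temporary rights given by the ADA to one ADP for named attributes."""

    def __init__(self, adp, attributes, ttl_seconds):
        self.adp = adp
        self.attributes = set(attributes)
        self.expires_at = time.time() + ttl_seconds

    def valid(self, now=None):
        return (now if now is not None else time.time()) < self.expires_at


def release(person_uri, grant, now=None):
    """Join the person's records inside the PDS, then release only the
    consented, non-identifying attributes under an irreversible pseudonym.
    Returns None once the grant has expired."""
    if not grant.valid(now):
        return None
    # The join is performed here, in the PDS domain; the ADP never sees how.
    joined = {**HEALTH.get(person_uri, {}), **SOCIAL_CARE.get(person_uri, {})}
    allowed = grant.attributes - IDENTIFYING  # stop identifying data at source
    payload = {k: v for k, v in joined.items() if k in allowed}
    # Fresh random salt per release: the same person gets an unlinkable
    # pseudonym each time, and the hash cannot be reversed without ADA_KEY.
    salt = os.urandom(16)
    pseudonym = hmac.new(ADA_KEY, salt + person_uri.encode(), hashlib.sha256).hexdigest()
    return {"adp": grant.adp, "subject": pseudonym, "data": payload}
```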

Big data technology has advanced to the stage where this has become possible. Give control of sharing to the citizen. Acknowledge that people have ownership rights to their data, even if it is collected and stored by the NHS (or any other ADP). If you don’t create ASHs, you don’t need to regulate them.


BBC: Reduce freebie viewers!

Filed under: Governance — lenand @ 5:43 am

“The future of the BBC licence fee is threatened by political ideology and the impossibility of stopping people from watching on line free of charge.”

is quoted from Private Eye No 1341, page 12.

There are some people who watch BBC programmes on iPlayer who have a TV licence but no TV.  They stick by the condition that you need to be covered by a licence if you watch TV online at the same time as it’s being broadcast on conventional TV in the UK or the Channel Islands.  Watch it an hour later and you don’t need a TV licence.

The BBC is not obliged to provide content for free.  It is not a new idea, but they could contemplate a governance regime that licensed people to view on-line.  A personal data store could have an identity attribute for a current TV licence.  Mydex is free for personal use and would be easy for the BBC to check before a programme downloads.  Registering for viewing on-line content is commonplace and it is reasonable to change conditions to maximise revenue.

Yes, there will be ways of cheating the system – but 40pence per day is not excessive when compared to cable and satellite subscriptions or the indirect cost of TV advertising.  The BBC could then consider developing global terms and conditions which earn extra income.

So it’s not impossible – just unlikely that the BBC will attempt to reduce free viewing.


Senseless Census

Filed under: Governance,Policy,Privacy — lenand @ 7:59 am

The 2012 Census should be accomplished by using a Personal Data Store (PDS), so says William Heath.

“It could poll the information once every ten years if that were good enough for statistical purposes and for planning public services. Or it could poll people’s personal data stores every 10 months, 10 weeks, 10 hours, 10 minutes, or 10 seconds. Lockheed Martin could go back to making rockets and bombs. We’d save a pile of money. And we’d start to be able to plan public services based on real needs and preferences instead of an out-of-date decennial view.”

Whilst understanding the theory, there would still be a big hole in obtaining data from people who are difficult to reach. Old, infirm and migrant sectors of the population are bound to be under-reported.

  • Will census staff be able to create a PDS for such people in lieu of a census return?
  • Will a Unique Personal Identifier be established?
  • Where will their Personal Data Stores be located?

No doubt a number of the privacy groups, such as the Open Rights Group and No2ID will have something to say if legislation starts to emerge.

Although William tells us that “The non-ideal 2012 Census will see Lockheed Martin paid £500m-odd of money we can ill afford to undertake a clunky process of data gathering which will take 2-3 years to complete and feed back”, it will be no surprise if the PDS infrastructure and data collection cost more than the half billion going to the census contractor.

In our Still Bureaucratic Age, it won’t happen before 2012.
