Recently in Background Category

Privacy, Data Protection and Security - Post UK Election

As the country goes to the polls, the three main parties have committed to specific policies on Privacy, Data Protection and Security. In particular, the Conservatives have promised radical reform in these areas. What changes are we likely to see once the new government is elected?

I will be presenting a free online seminar on the topic of "Privacy, Data Protection and Security - Post UK Election" at 1100hrs BST on 13th April 2010. You can tune in for free, and pre-register for the event here.

[Declaration: There is no fee for this event, and I am not being paid as a speaker]

Practical Privacy Impact Assessments

Sorry about the extended break from blogging - I've been away in the woods on a Bushcraft course, so no phone or email for me - but we're back to normal service now.

I spoke on the topic of "Privacy Impact Assessments: Experiences from Industry" at the Engineering and Science Research Council event on 30th June, and the slides are now available online. Rather than discussing the process of a PIA, I focussed on when (and when not) to do a PIA; how to avoid the traps and pitfalls on the way; and how to make best use of the results.

Identity and Privacy 2009

Next week begins the first Identity & Privacy Forum. Our keynote speaker this year is the Information Commissioner, Richard Thomas. We also have a host of experts from the fields of privacy, identity, security and biometrics.

The conference will be held on 14th and 15th May 2009, sponsored by Consult Hyperion with support from HP, Microsoft, Symantec, Verisign and VoicePay. The Forum will be held at the Guoman Charing Cross Hotel, London, and will be structured around four sessions - 'online identity', 'privacy and consent', 'sharing front line experiences' from the public sector and 'catching up with biometrics' - together with interactive expert panel discussions.

Why are we kicking off this new Forum? Well, for some years the Digital Identity Forum and EPG have been running their own events every year and usually only a week or two apart. We've noticed that the overlap between the events - in terms of subjects, speakers and delegates - has been growing year-on-year, so we decided to get together and focus our efforts on one event that inherits both traditions: debate, discussion and learning in a relaxed atmosphere, mixing technology, business and policy to try and create new ideas, new breakthroughs in identity management for the 21st century.

We have only a limited number of seats for this event, and a small pool of FREE TICKETS. Please contact me directly if you're interested in joining us at the event.

[Please excuse the blatant plug - but this is a not-for-profit event with any profits going to charity]

Scientific American

Dave has posted some excellent thoughts on this month's Scientific American special on privacy. In particular, if you've not considered how some folks feel about RFID tags then take a look.

Back to school

Dave Birch has done an excellent job of describing a point that is oft-discussed in identity/privacy circles: that we in fact rarely need to identify ourselves. Government ministers bang on about how good citizens need to identify themselves many times each day. Utter poppycock. We need to prove entitlement to a service, or authenticate ourselves as the legitimate recipient, but we rarely need to identify ourselves. Please can we sit down with the policymakers and educate them on some of the most elementary principles of ID before they start writing user specifications for massive database systems? (Of course if we educated them properly, the systems wouldn't be massive in the first place).

I get particularly annoyed when I'm asked for inappropriate credentials. Government offices will very often request a credit card so that I can prove who I am when going into a building. What exactly does that prove? That I'm capable of stealing a wallet or making a false credit card? My solution is always to respond to a request for an inappropriate credential with an inappropriate credential: my favourite cards are my National Rifle Association membership (that always leaves security guards with a dilemma) or my CLAS membership (a little piece of laminated card that in theory says I have security clearance, but in practice has nothing to bind it to the bearer other than a name on the front).

Of course the politician's response to this problem is to say that it proves the need for an identity card. Oh no, it doesn't. It proves the need for an identity metasystem, and that's a very different beast indeed.

Cycling to Paris for Action Medical Research

In light of James Garner's marathon effort, I'd like to put in a sponsorship plug for my forthcoming charity cycle ride. Please read on and lend your support!

Data losses in Borsetshire

For a while now I've been waiting for the issue of data losses to permeate the popular media. Soaps are a great way to get people plugged into these awareness ideas. Well, I'm delighted to announce it's happened, in The Archers of all places. Carrie's lost the paper folder containing everyone's weights from the slimming club. Unencrypted obviously. This is likely to be their own data Chernobyl (perhaps a better metaphor here might be the 'data anaerobic digester?'), and the repercussions will be felt all the way to The Bull. I can't wait to hear what happens next.

How many identities do I have?

I only have one identity. That’s me. I know who I am. You can’t steal it from me. But I use many personae, and the UK, like many ‘western’ nations, is built upon pseudonymity. For example, I have about a dozen pieces of plastic in my wallet. There is no direct link between the Toby that holds a Visa card and the T Stevens that holds an Amex. When I apply for a new financial product, the provider has to rely on the likes of Experian and Equifax to derive confidence about whether those are the same individual.

What is privacy anyway?

Privacy is often defined as “the right to be left alone” (OED). The key issue here is the ‘right’ - not the ‘alone’. Very few of us choose to be left entirely alone; we surround ourselves with people, phones, computers, TVs, radios etc. But we want to know we could be left alone in a given context: I’m happy to be called by family & friends at weekends, but have no interest in receiving calls from double glazing firms.


The views expressed in this blog are my own, and do not necessarily reflect those of any client or other organisation.
