Who "owns" your identity and your personal data?

| 1 Comment | No TrackBacks
| More
HMG appears about to admit that federated identity management is inevitable, if only because none of the tribes of Whitehall can agree to use a system controlled by another tribe. Meanwhile 

"It's Ours: why we, not the government, must own our own data" an excellent paper from the Centre for Policy Studies has moved the debate on.   

Among the papers for release at the same time as the announcement of the new Government Security Strategy, including Cybersecurity, was supposedly an excellent paper encapsulating the latest policy on identity management, "Safeguarding your Identity", including the information assurance principles to be followed.

I was only able to skim a copy supposedly given out at a briefing on the morning of the release. It was an excellent summary of good practice in Federated Identity Management and showed a refreshing recognition of the realities of working across the silos of Central Government. It recognised what has been inevitable since the breakdown of attempts to acheive concensus on centralised systems, whether run by the Office of National Statistics, Home Office, IPS or DWP. It does, however, require mindset transplants on the part of those who persist in ignoring political, economic and technical reality, let alone professional good practice.

Unfortunately I was not allowed to keep the copy I was shown. Worse, it does not yet appear on any website. Nonetheless, I look forward to giving an unequivocal welcome to an HMG paper on identity management.   

Meanwhile, the CPS paper raises the question of why such systems should be run by government at all.

It is a great read, although I am not sure I would like my medical records held in the Cloud by Google Health or Microsoft any more than on the leaky and unreliable databases of the current outsource suppliers to the NHS.

However I would like the choice.

More-over I might be willing to trust BUPA or Experian - especially if I did not have to trust the security of a call centre or help desk in Bangalore or the receptionist in my local GP practice or hospital and knew that my data could not be accessed by the UK or US Governments under surveillance powers other than through the Courts - rackety though the latter might be.

More-over I greatly like the idea of organising low cost, high quality public services as simple add-ons to existing secure, high resilience, industry databases - in the way that DVLA on-line driving license renewal service does. I find it interesting that so many are happy to talk about the success of that service but not about how little it cost, let alone why it was so cheap. 

P.S. Monday 17.15 I have just been given a link to the notice launching the new "Safeguarding Your Identity" strategy. Do read and  enjoy.

 

      

No TrackBacks

TrackBack URL: http://www.computerweekly.com/cgi-bin/mt-tb.cgi/37809

1 Comment

Firstly, although the CPS paper is thought-provoking, it's very disappointing that it has no proper references that can be checked easily.

Secondly, like Philip, I am equally uneasy about my personal data being aggregated and held by commercial organizations.

Thirdly, it's just moving the problem. It's the massive databases that are the risk, whether held by government or by industry. Just because Google hasn't had a massive data loss so far doesn't mean they won't have one in the future.

The debate I would like to see is how to store personal data in a dis-aggregated form, aggregating it only dynamically and when required - the "mashup" approach.

Leave a comment

About this Entry

This page contains a single entry by Philip Virgo published on June 28, 2009 5:08 PM.

Digital Britain - charge the Elephant not the dying donkey was the previous entry in this blog.

An overdue outbreak of common sense: "Safeguarding your Identity" is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

 

-- Advertisement --