London council makes world’s first citizen data transfer

A London borough council has conducted what it claims is the world's first live exchange between a public authority and a citizen using a personal data store

A London borough council has conducted what it claims is the world's first live exchange between a public authority and a citizen using a personal data store.

Brent Council made the link as part of a pilot that has followed in the wake of the identity card scheme as a means for people to hold their own personal data and choose their own means of authenticating their identity.

Developed by Mydex, a not-for-profit start-up from East London's high-tech hub, the technology has the potential to make many public personal databases redundant. The Department for Work and Pensions (DWP), which keeps 60 million personal records in its customer information system, is involved in the pilot.

But the scheme faces legal barriers under the Data Protection Act. It is awaiting the outcome of an assessment from lawyers at Olswang LLP on whether and how the law must be changed to make it possible people to wrest back some of the control the government has over their personal data.

Tony Ellis, head of IT at Brent Council, said the pilot had scored a world first. "It could be Google moment," he said. "It's nice having the world's first personal data store. Mydex would say this is the world's first example of residents taking control of their information, but I'm more interested in having a low-level authentication platform."

The pilot involved Brent plugging its data hub into Mydex's beta system and pulling out data relating to two council staff, hub analyst Carol Copeman and records management officer Rita Scollan. Brent will attempt the operation with up to 50 people's personal data stores in the next month.

Ellis hoped the system could become a more trusted source of real-time personal information about Brent residents than its own systems, which could contain conflicting and out of date information.

"One of the challenges for a London borough is just the mobility factor," he said. "People are constantly moving. Our council tax records have a 30% turnover every year. How we keep track of people is one of the challenges and there's cost to that.

"Every council wants to move everything online," he added. "That will involve having some sort of authentication process so we know it really is the person they say they are.

"You can see it getting quite detailed. We can build in increased levels of authentication. We get some information from you. We can also push information back about your services. That could get to where you have input into the services we provide.

"The end game would be a platform that's increasingly electronic. It's almost like an online electronic handshake with a resident. We start to develop an online relationship. And that could take us down some interesting roads," said Ellis. He anticipated this might one day allow residents to tailor their own public services.

According to Ellis, the authentication was cheaper and easier than using the Government Gateway, the official means of online authentication for government services. The Cabinet Office, which runs the current system, is also involved in the Mydex pilot. Other participants include Croydon and Windsor and Maidenhead local authorities, which, like Brent, are among the government's pathfinder councils.

Mydex, which is based on the open source Higgins platform, uses links with credit reference agency Experian to authenticate its users. It plans to establish links with other parties so users can build higher levels of authentication for sensitive transactions.

The start-up hopes people will use its system as a single online identity from which private and public organisations must seek permission to draw personal data. Once authorised links are established, a change in someone's personal circumstances could be communicated instantly to all authorised parties.

But William Heath, CEO of Mydex, said the service was an eventuality unforeseen by the Data Protection Act, which was designed for a world in which people did not have control over their own data. There may therefore be no means of establishing either protection or liability if something goes wrong.

"You will need changes to the Data Protection Act for people to have control of their own data," said Heath.

The Conservatives had fought last year's general election on a manifesto that declared people should have control over their personal data "wherever possible". The matter was not taken up in the Freedom Bill now going through Parliament.

But the DWP has scheduled a legal workshop to determine the implications for public services if they make a mistake delivering someone's benefits based on incorrect data held in someone's personal store. Experts from the London School of Economics are also assessing its privacy implications.

Read more on IT risk management