I have always known that ‘paper’ is an expensive and time consuming way of collecting, sharing, storing and retrieving information. I recall us all going out to buy document shredders to protect us from Ne’er do wells rooting through our dustbins (sorry – trash cans) to get hold of our personal information until weak or unprotected digital documents made it much easier to harvest and profit from our data.

But I didn’t realise until my son sent me the link to this news clip that even those paper documents which we all copy, as individuals and businesses, are a gift to the global black market in illicit data trading.

Take 5 minutes and watch this.

The post Psst! Wanna buy a second hand digital copier? appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

The following is written by the CEO of Personal.com (as the American spelling will attest).

It is the Foreword to an important White Paper Privacy by Design and the Emerging Personal Data Ecosystem  from Dr Ann Cavoukian, Information & Privacy Commissioner, Ontario, Canada which I strongly recommend reading.

Yes, Personal.com can be seen as a competitor of PAOGA but, as I have often said, at this point of this emerging and important global market, there are no competitors – only allies who share a worthwhile vision and mission to bring confidence and trust back to online interactions for all participants; including you, as a citizen, consumer, employee, student, patient et al. We also work with Respect Network, OIX, Ctrl-Shift (World Economic Forum), Personal Data Ecosystem Consortium, all of whom are developing standards to facilitate collaboration and interoperability.

Foreword

Samuel Taylor Coleridge’s famous line from “Rime of the Ancient Mariner” – “water, water everywhere … nor any drop to drink” – could easily be updated for the 21st century when it comes to the state of data about people and our lives: “Data, data everywhere, but not a bit (or byte) for me.” Simply put, our data is everywhere, yet there is no place where we can easily find or use it.

How is this possible, when we live in a Big Data world where the data we create or that is captured about us grows at an exponential rate that exceeds Moore’s Law? Just about everything that we do – from mundane form filling to using the latest mobile devices and apps – generates data. Companies certainly understand the importance of our data and capture it for their own use, mining value from it every day. Even so, they struggle to make sense of it all, hoarding it in silos that, ironically, greatly limit its ability to be used.

Now, imagine breaking down these silos, liberating the data, and bringing it together in a secure place where a person could easily access this information and decide how best to use and share it. Then imagine letting the smartest developers build apps on top of such permission-based data, so that people could harness its power to radically improve their lives, on their own terms. The potential use cases are as unlimited as the data the person might store in his or her vault and the personal, private networks they will wish to create when they push their data into the world beyond their vault.

For example, analyzing information about our own purchases, payments and habits could make us smarter financially. Mashing together health records with dietary and exercise tracking could make us healthier. We could use our information to signal purchase intent directly to retailers, earning us better offers and allowing our favorite stores to create more satisfying and welcoming relationships with us. From a productivity perspective, we could use the data in our vault to literally make form filling obsolete and reclaim tens of billions of wasted hours annually across the globe.

There is no need to imagine such services. Technology makes such opportunities possible. Only inertia and certain business practices stand in the way.

A new personal data sector is taking root and creating user-centric, user-driven tools to give individuals more control over their own data. Start-ups focusing on personal data vaults and the safe, private exchange of data form a vibrant core of this industry. As evidenced by the World Economic Forum’s May 2012 Rethinking Personal Data project report, the largest companies in the world as well as governments have become keenly interested in this sector.

Putting users at the center and in control of their own data is not new, but it is an idea whose time has come. This is partly because the current path, as the World Economic Forum report highlights, is inherently unsustainable.

More than ever before, the privacy and security practices of companies and governments are front-page news, and regulators and politicians are scrutinizing them closely. Seeing the well-publicized triumphs and tribulations of the largest search engines and social networks, people are starting to wake up and ask tough questions about privacy, transparency, security, and why they lack the power to use and benefit from their most personal of assets – information about themselves and the people, places, things and activities in their lives. Companies have also

begun to realize that today’s online advertising model is dysfunctional, inefficient

and alienates the customers and dollars they wish to attract and retain.

Personal sits in the center of this emerging personal data ecosystem. We are the first commercially available platform to give individuals the ability to securely import, store, share and reuse all the important data, notes and files in their lives through a vault and personal network connecting them to trusted people, organizations and apps. An end-to-end solution for personal data, Personal is simultaneously the vault and network of nodes that allows people to share and benefit from their data however they choose. Other companies are emerging in this space, focusing on all parts of the personal data spectrum – data vaults, networks, identity management, and other areas. We can barely imagine all of the amazing benefits that will come from this user-centric data world, and we are excited to help make it a reality.

If this new sector is to succeed and gain user trust, the companies in it must adopt Privacy by Design (PbD) principles in their technology and business practices, as described in this paper. And I can think of no better or more esteemed authority to author this study than Dr. Ann Cavoukian and her team. Dr. Cavoukian’s coinage of PbD and long record of leadership on privacy as a scholar, advocate and regulator are renowned and well deserved.

The result of their work is a pioneering examination of the opportunities and challenges of the personal data ecosystem. The paper serves to put sharper edges around this emerging category, and I believe it provides a lasting and important intellectual cornerstone for its development. I think you will agree.

Shane Green
Co-Founder and CEO, Personal

I certainly agree Shane and hope that you can join us at The Prospect of Whitby next time.

The post Data, data everywhere, but . . . appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

There was an interesting interview on BBCnews this morning in which Peter Bolton King, Global Residential Director at Royal Institution of Chartered Surveyors (RICS), revealed the findings of their survey that Estate Agents are not trusted to provide relevant information to property buyers.

This concurs with a recent survey by Which? who asked consumers the extent that they trusted various professions to ‘act in their best interest’. Estate Agents and Bankers scored 11% after Politicians and Journalists with 7%. Doctors and Nurses were up at 80%+

A key point he made was that there is no compulsion for Estate Agents to belong to a professional or trade body. It occurred to me that these professional and trade institutions, such as RICS, could do much to enhance the ‘trustworthiness’ of their members, and therefore the profession or trade they represent, by participating in the governments’ ID Assurance initiative to ensure that their members and their qualifications are verified and, under CPD, maintained. This would provide consumers with confidence and weed out the minority ‘cowboys’ who give numerous professions a bad name – often undeserved.

Relationships, of any kind, depend upon Trust and Trust is something that is earned and maintained. In business ‘More Trust = More Money’.

To be trusted is a valuable and powerful asset for individuals, businesses and government and trust is under severe pressure at the moment with front page revelations undermining the trust of politicians, military, police, lawyers, bankers, doctors, teachers, media and celebrities. In business the cavalier attitude to the protection and maintenance of personal information or worse, the unauthorised sharing or sale of personal information (online and offline), has shaken the confidence of individuals in their multiple roles as citizens, customers, patients, employees etc.

The digital world is still very young but, as Tim Berners-Lee has said, the internet is being used for communications and transactions undreamt of when he developed it. Who would have thought that your personal information (not just identity but bank details, academic qualifications, medical information etc.) is, on average, stored in 1,000 data silos around the world? Who would have thought that not only are all your emails scanned but also attachments in the name of anti-terrorism?

We all enjoy the convenience of online but ask someone about ‘convenience’ who has had their identity compromised or found that their creditworthiness has been trashed due to data errors when they have taken 2 years to re-establish their credibility.

We are only just learning that Social Networking needs to be used appropriately. You should treat it like a party of friends and strangers and only reveal ‘stuff’ that you would say in such circumstances. For those other occasions when you want some personal privacy or business confidentiality we need Anti-Social Networking. We need to have the online tools and services to know for certain; who we are communicating with, that we have shared something important with them, that they received it and that it is private and confidential.

The post ‘total lack of trust’ appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

I was honoured to be invited recently by Ann Cavoukian, Ph.D, Information & Privacy Commissioner – Ontario, Canada, to become an Ambassador for Privacy by Design following my post comparing her ’7 Principles’ with PAOGA’s application development.

The post Graham is Privacy by Design Ambassador appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

Over the next few days the Privacy Surgeon will poll many of the world’s leading privacy specialists, policy-makers, media professionals and legal experts to identify the ten key issues that are most likely to dominate the privacy landscape over the coming year. This will by the first of an annual poll conducted every summer by the Privacy Surgeon.

I look forward to the outcome of this research.

The post Simon Davies – The Privacy Surgeon appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

Now, don’t misunderstand me – I am not advocating Antisocial Networks. I have nothing against Social Networks used sensibly for sharing stuff BUT, like everyone else, I also have private and personal stuff, important to me, that I want to share quickly and conveniently with specific people and organisations. Similarly, as a business, I want to share and track confidential information with clients, companies and government. We need to redress the balance and I want to have the opportunity to manage my personal information online ‘under my control, with my consent, for my benefit’.

I have just read Rethinking Personal Data: Strengthening Trust from the World Economic Forum in collaboration with The Boston Consulting Group. They have reached the conclusions that we, at PAOGA, reached a decade ago – the internet is great BUT, to quote Scott McNealy, ex CEO of Sun, on consumer privacy back in 1999 “You have zero privacy anyway, – Get over it!”
I can still hear the slap of that gauntlet and we, along with others, rose to the challenge.

It took a further decade, comprising numerous media exposés of data loss, identity ‘theft’ and data ‘sales’, exacerbated by the emerging Social Networks, to alert individuals to the risks. But the tipping point was the financial market crash, followed by the expenses scandal, huge costs of the National ID Register and Medical Records, and the scale of recent hacking episodes for individuals, companies and governments to realise the value of Trusted Relationships in all aspects of our lives.

We are now at the point where Global, National and Local governments and organisations are recognising the growing concerns of individuals, as citizens, consumers, patients, etc. who are informed about the value of their personal information and the risks of uncontrolled access online.
Organisations are also recognising the substantial costs and risks they carry in storing, managing and protecting this data in compliance with increasingly stringent regulations. The penalties for ‘loss of data’ are significant but the commercial cost of ‘loss of trust’ even more damaging. The recent Sony data loss of 100 million account details is estimated to cost Sony and credit card issuers $1-2 billion.

I strongly advise you download and read the WEF document to realise the scale of the opportunity we look to address and the risks of non-compliance. It is not surprising the WEF defined ‘Personal Information’ as the New Asset Class.

The post Anti Social Networks – their time has come. appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

We have long been concerned about the issues of privacy and confidentiality on the web as a skim through my old blogs will attest. At that time neither individuals, businesses nor government recognised this as an issue – indeed, individuals were pouring out detailed personal information to anyone who asked, companies were collecting, harvesting and buying as much personal information as they could get hold of, and governments wanted to know as much about their ‘subjects’ as any ‘big brother’ would want to know about his siblings. Then the media started running stories and programs about the international wholesale market for personal information and the implications of ‘identity theft’ for individuals. The emergence and rapid growth of Social Networking exacerbated the risks for those who had been cavalier with sensitive information. The Financial Market crisis of 2008 signaled a tipping point resulting in words like Trust, Privacy and Relationships (personal and professional) reappearing in day to day language. Oft repeated quotes, such as “Privacy? There isn’t any – get over it!” were ridiculed – we subscribe to Sir Tim Berners-Lee’s quote “It’s mine – you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.”

Last week PAOGA participated in a workshop exploring interoperability between VRM (Vendor Relationship Management) and CRM (Customer Relationship Management), chaired by Iain Henderson The Customers Voice at the Innovation Warehouse in London. Others attending included David Alexander Mydex as well as Phil Windley, Drummond Reed and Doc Searls from the US.

You will see from Doc’s link that he is promoting his latest book (yes – a real hardcover book in which he kindly wrote a message on the title page for me) following the huge success in the professional market of The Cluetrain Manifesto, originally published in 2000. This got me thinking about other books that have prophesied the results of technological development using fiction, faction and non-fiction.

We are striving to deliver The Future according to Doc – The Intention Economy

The post Social Prophecy appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

It started for me with a fascinating lunch hosted by the Information Technologists’ Company on HQS Wellington. As always, an impressive keynote speaker in Professor Richard Susskind OBE but you’ll have to ask David Blunkett about his concerns regarding Home Office confidentiality –I thought you were supposed to kiss a lot of frogs, not let them whisper in your ear!

Microsoft launched the latest release of their Azure platform which addressed the concerns Peter, our CTO, had held. So much so that he had ported our PAOGA web service over in a matter of hours.

The post Conference Season – Autumn 2011 appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

"The Cost of Cyber Crime" report reveals that whilst government and the citizen are affected by rising levels of cyber crime, at an estimated £2.2bn and £3.1bn cost respectively, business bears the lion’s share of the cost. The report indicates that, at a total estimated cost of £21bn, over three-quarters of the economic impact of cyber crime in the UK is felt by business.  In all probability, and in line with worst-case scenarios, the real impact of cyber crime is likely to be much greater.

Businesses are under contant attack with the theft of intellectual property rights and industrial espionage making up an estimated £16.8bn of the £21bn cost with the pharmaceutical sector most affected at £1.8bn closely followed by electronics and software. Being able to communicate, between verified and trusted individuals and entities, and share confidential documents online with an audit trail providing accountability would considerably mitigate the risk of theft.

The attack on Sony back in May 2011 has cost the company an estimated $150m excluding lost sales, share price impact and reputational damage "Sony hasn't taken care of my personal details – why trust it?". A data vault with 100m sensitive records is a tempting target and, even with encryption, is vulnerable to attack. The answer is not stronger encryption, it's 100m data vaults, or personal data lockers, each uniquely encrypted.

How many more 'tempting' data vaults need to be attacked before businesses accept that the way they protect individuals personal information and privacy has to change. Victor Chavez, CEO of Thales UK, estimates that ". . . in the last 18 months alone [there has been] possibly a tenfold increase in attacks".

So the likelyhood that your business, organisation, government department, or bank (who are reticent to discuss such attacks in case their customers lose faith in them) will get hit is high. Couple that with the fact that your personal, private and sensitive details are, for the average UK citizen, stored in 1,000 organisations data vaults and the likelyhood that you will be a victim is almost certain. At what cost? According to the report identity theft costs consumers £1.7bn – and rising.

And banks, who currently monitor and report how I manage my financial information, could be part of the solution rather than the problem, by monitoring and reporting how I manage my personal information. Is there a listening bank out there?

The post The Cost of Complacency appeared first on PAOGA - Digital privacy & trust, personal identity security platform.

The Canadian Government has long led the way regarding Privacy over Personal Information and this position is reinforced by the White Paper ‘Privacy by Design in Law, Policy and Practice’ published in August 2011 by Ann Cavoukian, Ph.D., the Information and Privacy Commissioner, Ontario, Canada.

The paper reflects and endorses what we at PAOGA have spent 6 years or more striving to embed in the processes used for communication and transactions between consumers, businesses and government to engender Privacy and Trust in the Digital Age to the benefit of all.

I have underlined too many sentences and assertions in this paper which echo our philosophy, strategy and objectives to extract here but, core to the vision of Privacy by Design (PbD) are:

The 7 Foundational Principles of Privacy by Design.

1. Proactive not Reactive; Preventative not Remedial

The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.

PAOGA provides individuals and organisations with their personal digital ‘safe deposit box’. Only they have the key (PAOGA cannot access it) and, until they invite another individual or organisation to share their personal information "under their control, with their consent, for their benefit", it is completely private.

2. Privacy as the Default

We can all be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.

PAOGA provides the highest levels of encryption and security by default. The user can, if they choose, reduce those levels dependent upon context and their relationship.

3. Privacy Embedded into Design

Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.

PAOGA is committed to Privacy & Trust in the Digital Age.  Download LCEW White Paper (Final)

4. Full Functionality – Positive-Sum, not Zero-Sum

Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.

Privacy provides confidence which underpins trust. Trust is good for business as well as consumers.

5. End-to-End Lifecycle Protection

Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved, from start to finish. This ensures that at the end of the process, all data are securely destroyed, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, lifecycle management of information, end-to-end.

PAOGA provides complete control over the personal and confidential information of the participants in a communication/transaction which only reveals relevant information and audit trail and can be subject to a time limit by the participants. Access permissions to relevant data or documents (one-time, scheduled or persistent) can be revoked by the owner.

6. Visibility and Transparency

Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.

For ‘legal certainty’ and evidential weight’ it is crucial to establish a ‘legal starting point’ for individuals and organisations. Similarly, identity, assertions and documents, can be verified and certified by appropriate Trusted Third Parties. Either party can revisit THE document, not a copy, and assurance that the ‘transaction container has not been tampered with, the signatures remain validated and the time stamp accurate’.

7. Respect for User Privacy

Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.

In the UK '80% of people are concerned about their personal information online' – Christopher Graham, Information Commissioner, January 2011 and 'Cyber crime costs UK plc £27 billion per annum' – Cabinet Office/Detica, September 2011.

The user, in their multiple roles as citizen, consumer, employee, patient etc., is the ‘common denominator’ in their relationships with other individuals and organisations, public and private. They are best placed to manage and update their personal information and to ‘share’ what is appropriate. This also shares the cost and regulatory risks of inaccurate data which is a threat to both individual and business.

The UK Cabinet Office Identity Assurance (IdA) program, in which individuals will have a choice of approved (public and private sector) identity providers, verification, certification and information storage services, marks a small but significant step towards Privacy by Design.

It is imperative that organisations (public and private) recognise this as a win-win proposition and embrace this initiative in their quest to reduce costs, improve efficiency, facilitate compliance, and establish trust.

The post Implementing PbD – Privacy by Design appeared first on PAOGA - Digital privacy & trust, personal identity security platform.