Management of Personal Data
description
Transcript of Management of Personal Data
Pat TyrrellVale Atlantic Associates
5 June 2009 AFCEA TechNet
The Plethora of Personal DataGovernment:
ID CardsHealth RecordsTax RecordsImmigration recordsCar records
Commercial World:Loyalty CardsCredit Card records
5 June 2009 AFCEA TechNet
How is it managed?Mostly legacy systemsInformation SilosPoor integration of Data across silosWhere data is integrated – considerable
scope for information chaos.Global issue
5 June 2009 AFCEA TechNet
5 June 2009 AFCEA TechNet
Separate databases with recognised, individual functions
Extract, Transform and Load
Integrated database with users at a different level
Setting the Requirement....Looking for a “Date Centric” approach.
“It’s the data, dummy!”
What do you want the data for?Where is this necessary data stored?How is its accuracy and relevance tracked?Who has a need to access this data?Do we need to have the data integrated?
5 June 2009 AFCEA TechNet
New Systems
Data Handling Limitations
Existing Sources
Mission Data
Knowledge
Intelligence
Decision Maker
Information
Intelligence Cycle
Intelligence Requirement
Imported Data
Analysts Networks Computing Storage Search Tools
StandardsLarge Databases
Multi-formatsMulti-level security
Update
Requirement
Defines Data Requirement
Partners Commercial
Shared
Police Government Local Govt.
Identified by “Gap
Analysis”
Data Centric Systems
Other National and International Databases
Failure of Information PrivacyPolice National Computer (before audit systems
introduced):Sale of sensitive data on car number plates to
private companies.Release of data relating to criminal investigations.
National Health Database (when available!):Hacking to see if Leo Blair had MMR jab.Discovering celebrity medical secrets.
House of Commons:Data on MP’s expenses.
5 June 2009 AFCEA TechNet
Who is Responsible?Data Owner?The Government?Data System Designer?The Public?All of the Above?
It is a societal issue rather than a technical one!
5 June 2009 AFCEA TechNet
Available Technology?Technology can integrate data rapidly and
accurately.Recent advances in XML technology have shown
ability to link heterogeneous datasetsResearch, involving 6 major, disparate, complex
data bases , such as that found within large police forces, allowed cross searching for in excess of 5 million complex records (~ 1.5 Tbytes in RDBMS)
Pressure on technology to deliver across the board.
5 June 2009 AFCEA TechNet
Privacy RequirementsStrategic Policy agreed at international levelPublic acceptabilityWhat assurance levels are required?Who can see what?What is the “need to know”?How do you police the system?Authentication and authorisation of system
users.Reliable audit processes in real time.
5 June 2009 AFCEA TechNet
Technical SolutionsIntegration of data requires single
representation of data.Some users may have the right to see all of
the data, others will have the right to see only partial sets of the data.
XML tagging may provide the flexibility of approach in providing adequate and enforceable privacy indicators.
Systems need to be accreditable.
5 June 2009 AFCEA TechNet
AFCEA Role in International Identity ManagementProvide the technological understanding of ID
management:What is feasible?What new technologies are emerging?What are the implications from a social
perspective?Provide “thought leadership” on what, where,
how and when:Privacy safeguardsPublic acceptability
Work as a mentor and guide to policy makers.5 June 2009 AFCEA TechNet
SummaryEffective management of personal data
leaves much to be desiredIt is primarily a policy issue rather than a
technical oneA strategy needs to evolve to ensure privacy
means Private!Traditional data systems are ineffective and
innovative technologies need to be utilised.“If you always do what you’ve always done,You’ll always get what you’ve always got”!
5 June 2009 AFCEA TechNet
[email protected]+44 7711 322541
5 June 2009 AFCEA TechNet