Management of Personal Data

Pat TyrrellVale Atlantic Associates

5 June 2009 AFCEA TechNet

The Plethora of Personal DataGovernment:

ID CardsHealth RecordsTax RecordsImmigration recordsCar records

Commercial World:Loyalty CardsCredit Card records


How is it managed?Mostly legacy systemsInformation SilosPoor integration of Data across silosWhere data is integrated – considerable

scope for information chaos.Global issue



Separate databases with recognised, individual functions

Extract, Transform and Load

Integrated database with users at a different level

Setting the Requirement....Looking for a “Date Centric” approach.

“It’s the data, dummy!”

What do you want the data for?Where is this necessary data stored?How is its accuracy and relevance tracked?Who has a need to access this data?Do we need to have the data integrated?


New Systems

Data Handling Limitations

Existing Sources

Mission Data

Knowledge

Intelligence

Decision Maker

Information

Intelligence Cycle

Intelligence Requirement

Imported Data

Analysts Networks Computing Storage Search Tools

StandardsLarge Databases

Multi-formatsMulti-level security

Update

Requirement

Defines Data Requirement

Partners Commercial

Shared

Police Government Local Govt.

Identified by “Gap

Analysis”

Data Centric Systems

Other National and International Databases

Failure of Information PrivacyPolice National Computer (before audit systems

introduced):Sale of sensitive data on car number plates to

private companies.Release of data relating to criminal investigations.

National Health Database (when available!):Hacking to see if Leo Blair had MMR jab.Discovering celebrity medical secrets.

House of Commons:Data on MP’s expenses.


Who is Responsible?Data Owner?The Government?Data System Designer?The Public?All of the Above?

It is a societal issue rather than a technical one!


Available Technology?Technology can integrate data rapidly and

accurately.Recent advances in XML technology have shown

ability to link heterogeneous datasetsResearch, involving 6 major, disparate, complex

data bases , such as that found within large police forces, allowed cross searching for in excess of 5 million complex records (~ 1.5 Tbytes in RDBMS)

Pressure on technology to deliver across the board.


Privacy RequirementsStrategic Policy agreed at international levelPublic acceptabilityWhat assurance levels are required?Who can see what?What is the “need to know”?How do you police the system?Authentication and authorisation of system

users.Reliable audit processes in real time.


Technical SolutionsIntegration of data requires single

representation of data.Some users may have the right to see all of

the data, others will have the right to see only partial sets of the data.

XML tagging may provide the flexibility of approach in providing adequate and enforceable privacy indicators.

Systems need to be accreditable.


AFCEA Role in International Identity ManagementProvide the technological understanding of ID

management:What is feasible?What new technologies are emerging?What are the implications from a social

perspective?Provide “thought leadership” on what, where,

how and when:Privacy safeguardsPublic acceptability

Work as a mentor and guide to policy makers.5 June 2009 AFCEA TechNet

SummaryEffective management of personal data

leaves much to be desiredIt is primarily a policy issue rather than a

technical oneA strategy needs to evolve to ensure privacy

means Private!Traditional data systems are ineffective and

innovative technologies need to be utilised.“If you always do what you’ve always done,You’ll always get what you’ve always got”!


[email protected]+44 7711 322541


Management of Personal Data

Documents

Transcript of Management of Personal Data