Midata Thoughts No. 1

My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Midata Thoughts No. 1: Presentation Transcript

  • Midata Thoughts Draft v1.2
      Simon Deane-Johns, Consultant Solicitor and Member of the Midata Interoperability Board
      14 December 2012
  • Contents
      • Overview
      • Participants/roles
      • Process flows
      • Developing co-regulatory environment
      • Scenario diagrams
      • Common operational risks, controls, challenges
      • Midata-specific challenges
  • Overview
      • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”).
      • This suggests three types of scenario:
          1. Release of midata by the Supplier to the Customer
          2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”)
          3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
  • Participants/Roles
      • Supplier
          – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco)
          – Includes Supplier’s own outsourced service provider(s)
      • Customer – person or micro-business who interacts with Supplier to produce midata
      • Personal Information Manager acting for the Customer (“PIM”)
          – Passive data repository
              • Only receives, stores and/or transmits the data
              • Can’t ‘see’ or otherwise process content
              • ‘Mere conduit’?
          – Active data repository
              • Stores data
              • Adds value by analysing or otherwise processing data
              • May alter content
      • Third Party Supplier (“3PS”)
          – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
  • Process Flows
      Midata involves two separate process flows:
      • Transaction flows
          – Offer and acceptance => contract between each of Customer, Supplier and PIM
          – Messaging, including identification of each party, data release request, confirmation of receipt etc.
      • Midata flows
          – Actual transfers of midata
      [Funds flows related to payments due between participants are currently out of scope]
  • Developing Co-regulatory Environment
      • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions
      • Guidance etc issued by ICO
      • Sector-specific law/regulation
          – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data
          – Electricity Act, Gas Act => Data and Communications Company
          – [new Telecoms/banking/consumer credit regulation]
      • Industry Codes
          – Principles of Reciprocity (Credit Reference Agency data)
          – Smart Energy Code
          – [Other sector codes]
          – Security standards, Privacy by Design etc.
          – [Midata Principles, standard permissions, rules on liability etc?]
      • Contracts
          – Consents etc given under Contracts
          – [standard Midata permissions or Midata sharing agreements?]
  • Midata Scenario 1 (diagram)
      – Parties: Supplier, Customer
      – Steps: 1. ID authentication (“auth”); 2. Midata request; 3. Midata transfer
      – Contracts: Supply contract
  • Midata Scenario 2a (diagram)
      – Parties: Supplier, Customer, PIM
      – Steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata request; 6. Midata transfer
      – Contracts: Supply contract, PIM Service contract
  • Midata Scenario 2b (diagram)
      – Parties: Supplier, Customer, PIM
      – Steps: 1. ID auth; 2. Midata request; 3. ID auth; 4. Midata request
      – Contracts: Supply contract, PIM Service contract
  • Midata Scenario 2b (diagram, annotated)
      – Parties: Supplier, Customer, PIM
      – Steps: 1. ID auth; 2. Midata request; 3. ID auth; 4. Midata request
      – Contracts: Supply contract, PIM Service contract
      – Annotation: Co-regulatory relationship?
  • Midata Scenario 3a (diagram)
      – Parties: Supplier, Customer, PIM, 3PS
      – Steps: Transaction flow 1. ID auth; 2. Request; Transaction flow 3. ID auth; 4. Request; 7. ID auth; 8. Data transfer
      – Contracts: Supply contract, PIM Service contract, 3PS Service contract
  • Midata Scenario 3a (diagram, annotated)
      – Parties: Supplier, Customer, PIM, 3PS
      – Steps: Transaction flow 1. ID auth; 2. Request; Transaction flow 3. ID auth; 4. Request; 7. ID auth; 8. Data transfer
      – Contracts: Supply contract, PIM Service contract, 3PS Service contract
      – Annotation: Co-regulatory relationships?
  • Midata Scenario 3b (diagram)
      – Parties: Supplier, Customer, PIM, 3PS
      – Steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata request; 6. Midata transfer; 7. ID auth; 8. Data transfer
      – Contracts: Supply contract, PIM Service contract, 3PS Service contract
  • Midata Scenario 3b (diagram, annotated)
      – Parties: Supplier, Customer, PIM, 3PS
      – Steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata request; 6. Midata transfer; 7. ID auth; 8. Data transfer
      – Contracts: Supply contract, PIM Service contract, 3PS Service contract
      – Annotation: Co-regulatory relationships?
  • Midata Scenario 3c (diagram)
      – Parties: Supplier, Customer, 3PS
      – Steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata request; 6. Midata transfer
      – Contracts: Supply contract, PIM Service contract, 3PS Service contract
  • Common Operational Risks
      • Failure to identify one or more parties
      • Fraudulent impersonation of one or more parties
      • ‘Wrongful’ refusal to release midata
      • Interception of messaging and/or midata in transit
      • Wrong midata released
      • Midata is inaccurate, late and/or unreliable
      • Midata is false, altered or corrupted
      • Midata misuse:
          – loss
          – destruction
          – storage longer than agreed/necessary
          – wrongful disclosure
          – use for an illicit purpose (including breach of IPRs)
  • Common Operational Controls/Challenges
      • Identity authentication/assurance for all parties
      • Release of correct midata
      • Secure transmission, processing, storage of midata
      • Preserving secrecy/confidentiality of midata content
      • Maintaining authenticity and integrity of midata
      • Ensuring accuracy, timeliness and reliability of midata
      • Guarding against various types of midata misuse
      • Vesting and protection of intellectual property rights in midata and/or midata databases
  • Midata-specific Challenges
      • Midata portability?
      • Extent of ‘agency’ involved in personal information management by PIM
      • Midata ‘community’ issues:
          – Principles of reciprocity?
          – Appropriate grounds for refusal to release?
          – Mirror CRA and/or DCC environment?
          – Apportionment of liability for various heads of loss or damage?
          – Complaints handling?
          – Enforcement?
          – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
  • Comments
      Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html