SlideShare a Scribd company logo

Midata Thoughts No. 1

Simon Deane-Johns
Simon Deane-Johns

My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Technology
1 of 19
Download to read offline
Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Recommended

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 

Recommended

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Digital signature
Digital signatureDigital signature
Digital signatureMohanasundaram Nattudurai
 
Dsc ppt
Dsc pptDsc ppt
Dsc pptEarnlogicconsultants
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144IJERA Editor
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
It act
It actIt act
It actYogesh Thawait
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment TokenizationHamid Ghorbani
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
D.Silpa
D.SilpaD.Silpa
D.Silpast anns PG College,Mallapur,Hyderabad, India
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic SignaturePiChainAdministrator
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 
Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 

More Related Content

What's hot

Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 

What's hot (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling Fraud
 
It act
It actIt act
It act
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment Tokenization
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic Signature
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
 

Viewers also liked

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Simon Deane-Johns
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersSimon Deane-Johns
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalSimon Deane-Johns
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Simon Deane-Johns
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsSimon Deane-Johns
 

Viewers also liked (8)

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdj
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013
 
02 e
02 e02 e
02 e
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - final
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-Johns
 

Similar to Midata Thoughts No. 1

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiquesSerrerom
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectBjorn Hjelm
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateBjorn Hjelm
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesCGI
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileBjorn Hjelm
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4Capgemini
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCapgemini
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyIDES Editor
 

Similar to Midata Thoughts No. 1 (20)

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloud
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
Mis06
Mis06Mis06
Mis06
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile Connect
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challenges
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile Profile
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
 
MIFID II and GDPR
MIFID II and GDPR MIFID II and GDPR
MIFID II and GDPR
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 

More from Simon Deane-Johns

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital RegulationSimon Deane-Johns
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCASimon Deane-Johns
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2Simon Deane-Johns
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Simon Deane-Johns
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Simon Deane-Johns
 

More from Simon Deane-Johns (6)

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital Regulation
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCA
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2
 
Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Midata Thoughts No. 1

  • 1. Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
  • 2. Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
  • 3. Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
  • 4. Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
  • 5. Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
  • 6. Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
  • 7. Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
  • 8. Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
  • 9. Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 10. Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 11. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
  • 12. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 13. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 14. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 15. Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 16. Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
  • 17. Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
  • 18. Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
  • 19. Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html