
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William Heath, April 2013



On the 8th of April, William Heath, Mydex Chairman, gave a presentation at the Information Commissioner’s Office (ICO) Annual Roundtable 2013 about big data, personal data stores and Mydex’s position on the Data Protection Act (DPA). Here is the presentation along with the audio attached to each slide. Feel free to watch and hear William’s presentation at your leisure.

To read William's reflections from the day, go to

For more information about Mydex, kindly visit
Or visit the developers site at
And to become a member of Mydex Personal Data Store, visit

Also learn more about Mydex-Midata at
and Mydex-Third Sector at


Published in: Technology

  1. Your data, your way. Personal data stores: What is the potential, and where do they fit in the Data Protection Act. William Heath – Mydex Chairman (@williamheath & @mydexcic) - All rights reserved
  2. Taking big data to the limit
  3. Taking big data to the limit
  4. “Exactness requires carefully curated data”, from "Big Data: A Revolution That Will Transform How We Live, Work and Think" by Ken Cukier & Viktor Mayer-Schonberger
  5. Complementary approach: small data, “VRM” or The Intention Economy (Doc Searls)
  6. What is Mydex CIC and what does it offer?
     • UK social enterprise formed in 2007
     • Empowers individuals to manage their lives more effectively
     • Mydex offers highly secure personal data services:
     • ID services, federated ID, SSO and ID assurance
     • Secure consumer digital letterbox and data channel
     • Trust framework; open platform
     • Offers integration and new journeys for existing customers
     • Supports “Manage my health/shopping/edu/travel/finance” apps
     • Apps can be deployed inside or outside the platform
     • ISO 27001 compliant; tScheme certified, recognised by
  7. It’s a highly secure personal data service for individuals
  8. Mydex provides a Trust Framework as a platform
     [Diagram labels: Mydex Charter | Terms for Members | Terms for Connections | Data Sharing Agreement | ISO27001 | tScheme; Relying Parties; Application; Attribute Providers; Service Providers; Attribute Verifiers; Trust Framework Provider and platform; Unique Secure Encrypted Connections; Mydex Members; Personal Data Services]
  9. Mydex delivers a persistent trusted connection between any organisation and the individual for permissioned two-way data exchange and interactions.
     Customer can select the specific data attributes they wish to on what basis
  10. Clarity about role of Personal Data Stores emerging in many areas
  11. Mydex stated position on DPA: Status as a Data Controller
      Mydex is not the data controller for data stored inside the PDS or shared via the API
      • Mydex has no access to the data at any point
      • Mydex has no commercial rights to the data
  12. Mydex stated position on DPA: Status as a Data Controller
      • Yes: Mydex is data controller for the information shared with Mydex for the purposes of service provision
      • No: Mydex is not data controller in terms of the data stored inside the PDS or shared via the API
  13. What data does Mydex hold about its members?
      • Mydex holds a register of members
          • MydexID
          • Password (SALT) which accesses only their Mydex Account, not their PDS
          • Email address for purposes of service provision and support only
          • IP Address for purposes of support only
      • The member controls double encrypted files that together constitute a Personal Data Store.
      • Mydex has
          • no means of accessing the contents of files
          • no means of decrypting files
          • no knowledge of what is stored in files
          • no knowledge of what is shared with connections
  14. What can Mydex do in relation to the PDS data?
      • Can suspend ability to send and receive data if Mydex member instructs Mydex to do so
          • The member has to be able to log in to their Mydex account
          • Possible scenario – loss of PIN/Passphrase by member who then wishes to stop using PDS and create new one
      • Archive a PDS as per account termination defined in members’ Terms
      • Delete a PDS as defined by members’ Terms
  15. Mydex stores in the cloud, but its Ts&Cs aren’t the usual cloud storage Ts&Cs
      • Mydex has no ability and asserts no right to access users’ data
          • Not “to operate and improve its service”
          • Nor “to personalise its service”
          • Nor “to share your personal data with affiliates”
          • Nor for any other reason
      • Mydex reserves no right to review, screen or remove content
      • Mydex can’t remove the encryption users apply
      • Mydex’s architecture supports member choice in where they store their PDS
      • Mydex enables the individual to act as Data Controller
  16. We see the emergence of secure personal data services as inevitable. So how far has it got?
      • Mydex live “community prototype” completed
      • HMG’s BIS midata: business gives structured data back to customers
      • Other data givebacks: Google, Facebook, NHS, US blue/green buttons
      • UK Government Digital Service (GDS) Digital by Default commitment
      • GDS ID Assurance rollout based on 3rd party services
      • Mydex CIC is one of the cross-govt ID assurance providers
      • Work on quality, standards & interoperability: OIX, tScheme, ISO
  17. Where next
      • Mydex adoption and emergence of a range of similar services
      • Data minimisation
      • Diversity and interoperability
  18. “The more information you hear, the less funky it is” (Nile Rodgers)
  19. Thank you for your time
      • WEBSITE: www.mydex.org
      • FACEBOOK: @mydexcic & @williamheath
      • EMAIL: william@mydex.org
      • THIRD SECTOR WHITEPAPER: thirdsector.mydex.org
      • MIDATA WEBSITE: midata.mydex.org
      • MYDEX OVERVIEW ON SLIDESHARE:
      • OVERVIEW ON YOUTUBE:
  20. What we find organisations need
      • Identity solutions
          • Federated login / SSO; to get out of the username/password business
          • Verified data attributes
          • Certificates to support proofs of claims
      • Integrated / streamlined / low cost secure channels
          • improve data quality / reduce sparsity
          • richer / broader data sets about their customers and prospects
          • streamline customer journeys and flows of data
          • improve business process flows
      • Applications that bridge traditional applications and organisation boundaries
          • Need to work inside and outside the organisation
          • Need to include the citizen / customer