“These are our ’60’s.
It’s about freedom, and a breakaway from the establishment to the power of the individual.
No other group of companies so epitomises this ‘Time of Choice’ as Google, Ebay/SKYPE, MobileATM, ZOPA, PAOGA, Apple/itunes and Friends Reunited.”
Julie Meyer, Ariadne Capital. January 2006
An increasing number of individuals, 15million in the UK, are taking responsibility for managing their finances on-line, retail sales are feeling the effects of on-line shopping and the Travel Agency business is in dire straits. The High Street is changing before our eyes.
In addition to our physical entity many of us, especially the young, are developing multiple ‘digital’ entities that they use to interact, commercially and socially, on the Internet. Our physical identity; who we are, what we have, what we know, who knows us, needs a trusted digital alternative for our ‘digital’ life. And, just as we protect our reputation, our passport and our wallets, we need to protect our digital identity.
Suppliers, including government, have been amassing information about individuals for years using CRM to populate ever growing databases. On average, according to Privacy International, information about you and me is held on 700 databases today. The problem is that I have no idea where these databases are, what data they hold, if it is accurate and up-to-date, or if it has been stolen or sold without my knowledge.
The Data Protection Act 1998 provides the individual with certain rights of access (at a cost) and Data Controllers with legal obligations in an attempt to recognise the value and protect an individual’s personal data. Unfortunately it is impossible to exercise those rights over 700 databases and the Office of the Information Commissioner seems to have insufficient resources to effectively police the Data Controllers resulting in legal obligations being flouted “. . . until we are fined.” The result is increasing anxiety by individuals reading recent press revelations of public and private databases being hacked, lost or selling personal information coupled with the increasing understanding of the potential financial cost and considerable inconvenience of rebuilding your identity if cloned.
When asked in a government survey last year ‘Who do you trust to hold your data? Government, Banks, Tesco?’ the overwhelming response was ‘Me’.
‘A Time of Choice – Building Society for the 21st Century’ was a timely subject for the Ariadne discussion and hopefully a wakeup call for business and government. The underlying message was that much of the changes we are now seeing are being driven by the individual enabled by technology. Suppliers will, in the near future, be ‘managed’ by customers, flipping CRM to SRM, Supplier Relationship Management.
It is the individual who wants to ‘own’ their database, their secure Personal Data Bank, so they have one place to store, update and manage their personal information. And they want to choose the ‘who, what, when and why’ their information is shared.
Old businesses are horrified that their customers should want to take away ‘their’ data. Enlightened businesses question why they need to invest capital in silo technology to capture, store and maintain at considerable cost, data about individuals (often inaccurate or out-of-date) which carries potentially onerous financial and reputational risks when, if they focus their resources on providing an excellent product/service, customers and prospects will happily permit them access to their up-to-date relevant information in return.
The current cost to business of ‘acquiring’ information about a customer/prospect is between £25 – £100 with a half life of about 2 years. An invitation from an individual with a declared interest in a product/service to provide Permission Based Marketing on-demand not only delivers a qualified lead but at considerably lower cost.
The influence of corporate advertising is, with increasing intercommunications, being eclipsed by individual endorsement. Circles of Trust are developing. A ‘tipping point’ for a fashion item, a piece of technology, a new club or restaurant can be invoked in an instant as customers talk to customers on a global basis and social networks of like-minded individuals grow. ‘Smart’ companies such as eBay, Amazon etc. encourage this visible customer feedback and endorsement and it will begin to be available in other sectors where a customer’s ‘rating’ will influence a prospect.
The importance of Human Capital can no longer be left to the inefficiencies of the recruitment industry and classified ads. Individuals have skills and talents which cannot be ‘marketed’ through a 3 page CV. The ‘job for life’ is history. The skills market is increasingly fluid with future generations working flexible hours, from mobile locations for multiple employers. Storing an employees’ employment record is an unnecessary cost and risk to an organisation that should be focussing their resources on attracting, retaining and developing access to the skills that they require through access to a skills marketplace populated by individuals. This Global Human Capital Bank would only deliver ‘relevant’ information about a candidate’s skill to the potential employer and would only reveal their identity if the individual responds positively to a request from the potential employer IF they are interested in the position offered. Until such time, any exchange of sensitive information is unnecessary waste of both parties time and carries risk of data infringement.
My GP certainly knows more about my general health than the NHS. My healthcare could also include a chiropractor, my dentist, my optometrist and alternative medicine. I want to consolidate ALL of this medical information in my Personal Data Bank so that I can choose to share relevant fields with my employer or a life insurance company, anonymously at first for a quote, only connecting it to my identity if I choose to do business.
This doesn’t mean that I necessarily take away my records from the NHS but could synchronise appropriate fields. Data entered by the NHS or my GP could be ‘read only’ for me as a patient but it does mean that, if I was involved in an accident abroad, I could make my records available instantly.
It is interesting that the NHS Central Medical Database, a huge and much needed challenge to replace the piles of paper files, has gone from compulsory, to opt-out, to opt-in. Considering that the value of such data in the wrong hands is potentially as, if not more, damaging than the proposed National Identity Register it would not surprise me if the National ID Card went the same way.
The key issue that always arises is ‘How can we trust that the data is accurate?’
Trusted 3rd Party Certification Agencies are required. If I show my bank manager my passport, my driving licence and two utility bills, in accordance with the Financial Services Act, then, for a fee, they could issue a digital certificate verifying the relevant identity information (and ‘locking it so that I cannot amend the information without destroying the certificate). The same service could be provided to ‘certify’ academic qualifications, professional qualifications, etc. If I have biometric data taken for my passport or National ID Card then to whom does this data belong? Why can I not have a certified copy of this biometric data stored in my secure Personal Data Bank for my own use?
Authenticated Identity is crucial in a digital world but all your data in one place is dangerous and unnecessary. Personal Data Banks allow me to securely store my detailed information about my finances, my skills, my property, my medical records etc. in separate distributed databases anonymously accessible only through my uniquely encrypted, highly secure, personal id. If someone should hack into my financial records then the value to them is minimal if they can’t identify the user. Similarly, I would be happy to make my Medical Records available for research if my anonymity is maintained and could ‘sell’ my accurate and up-to-date personal demographics for market research.
As I take back access, control and responsibility for my personal data I can not only choose who I connect with but also when to ‘slam the door’.