General Medical Clinics - Healthcare for the City of London

Evidence which Identity Trust CIC submitted last year to the Home Affairs Committee has been published in "A Surviellance Society?" a report which has been released on June 8, 2008.  The Home Affairs Committee warns against function creep and recommends policies of data minimisation for the UK government.  The fifth report on the subject is particularily concerned about any attempt to use patient or children data for the purposes of predictive profiling.  Pre-supposing intention through the analysis of attention is a great danger to the UK public.

Below is the memorandum Identity Trust has submitted in July 2007 as evidence which has helped create the policy recommendations published in this report.

Home Affairs Committee: Evidence Ev201

APPENDIX 29

Memorandum submitted by the Identity Trust

Published June 8, 2008

INTRODUCTION

1. Identity Trust is a proposed initiative to create a Community Interest Company192(CIC) initiative

focused on building tools and processes that enable transparency and more equitable user/ supplier

relationships. Identity Trust is member of the ITU-T Focus group on Identity Management, a member of the Internet Governance Forum: Dynamic Coalition on Privacy at the UN, and the US based Identity

Commons. Currently identity Trust is being consulted by the OECD focus group on Identity Management for input into guidelines to facilitate the development of regulatory standards for national identity management.

2. Identity Trust is in the process of raising investment funding to facilitate and extend the development

of commercial guidelines for the emerging Identity Industry. This emerging industry is being compared to

the Telecommunications Industry crossed with the Credit checking industry and will prove to be a

commercial example to which the government surveillance practices will be measured by.

3. it is the intention of this submission to advise on the role of transparency and the use of transparency

in a reciprocal manner to the use of surveillance over people and their identity data. The more surveillance

and the greater the scale and use of that transparency of people and their identifiers, the greater the need transparency, and user visibility needed over the management, manipulation, purpose, and sharing of that data. Eg User Identity Management logging, with read, write, aggregate, and

4. For instance a citizen needs to see who has accessed, for what reason, what their data is being data

mined for-etc. This would be consistent with commercial and international developments in international Identity Management standards.

5. The United Kingdom is in significant danger of becoming a laggard country in terms of its approach

to privacy, data protection and "identity" due to issues of trust. This will become an economic issue as well as a privacy one in that individuals will have options to take at least some of their "business" to other countries with more robust and user centric Identity Management approaches in place.

"Legitimate governance is inextricably linked to the larger problem of trust on the Internet. Market forces alone have proven insufficient to build trusted public networks. Trust is essentially a political problem rather than a technology or legal issue. For greater trust, the millions of individual participants in the Internet must find some vehicle for co-operation. Their own ability to trust will depend on the choices made by others on the network.

 A 'trusted' network goes beyond engineering concepts and requires a system that allowed users to feel confident that data and messages were confidential, unmodified and linked to an identity. Progress in building secure and trusted public networks requires asking what are the policies and legal and regulatory structure needed for trust; how would these be coordinated among nations; and who is best placed to undertake these actions." Jamie Lewis, Perils and Prospects for Internet Self-Regulation, Center for Strategic and International Studies, June 2002.

6. Surveillance and inappropriate identity management can erode trust and undermine the overall UK

governance infrastructure .

7. Risks of this could include the dispersion of commerce (Banking, Legal, Intellectual Property, etc.) to

other countries where more favourable conditions exist.

8. This contribution to this inquiry is intended to highlight solutions to the systemic issues surveillance

creates in society. Surveillance and IdM practices that occur today that minimise user/customer/citizen

transparency and thus create lack of trust and ultimately commercial disadvantage can in turn stimulate an

open marketplace and drive commercial innovation in the UK.

BACKGROUND

9. The quote below from the National Consumer Council in 2004193neatly summarizes the dilemma

being addressed in this consultation exercise.

(a) Personal information is one of the most valuable commodities in society today. Government and

public service providers gather a wealth of information from taxpayers, car owners, benefit

recipients, patients, clients, customers and voters. Businesses too, are intent on developing ever

more sophisticated ways of capturing and using data about individuals.

(b) Consumers have much to gain from these developments. But whenever personal data is collected

and stored it may also be abused. Wrong information may be passed on to third parties, privacy

invaded, or individuals besieged by marketers. Trust is hard won and necessarily fragile. If the

information age is to develop on secure foundations, it is vital that those who collect and use

personal data maintain the confidence of those who are asked to provide it.

Source: National Consumer Council, 2004.

10. That's the theory; but the reality is that individuals have an ever-growing body of evidence that

suggests they should be very wary of what they provide and who they provide it to when they are asked to share personal information. In recent years individuals have been increasingly exposed to:

(a) The rapid increase in the use of surveillance and tracking technologies with little in the way of "opt

out" possibilities.

(b) An ever-growing mountain of irrelevant junk mail on their doormats, and other forms of direct

marketing messaging grabbing their precious time.

(c) Cold-call tele-marketers blatantly using hard sell "slamming" tactics to sell products and services

that are not in the individuals' best interests.

(d) Their personal data being sold, bought, rented and swapped for money, in which they get no share

(even public sector bodies such as the DVLA have managed to justify to them selves and their paymsters

that selling personal data is within their remit).

(e) Inaccuracies in personal data stored by the information industry that take individuals significant

amounts of time and effort to correct; if, of course they even find out about them.

(f) The increased risk identity theft, with all that this entails, from organizations taking less care of

personal data than they should.

11. In order to map a positive way forward :or all parties, as suggested in the above quote, we must

articulate the strategic weaknesses in the current state, and then put new modus operandi in place that are un-encumbered by these outdated mind-sets and processes.

SPECIFIC CURRENT STATE PROBLEMS

12. Specific problems with the current state include.

13. The Data Protection Act, and the various add-ons of recent years are articulated at too high a level

to be meaningful. The various acts fail to enable meaningful transparency around:

(a) Precisely what data are being stored (split by sensitive and non-sensitive data).

(b) Precisely how long are they being stored for, and how is there accuracy maintained.

(c) Precisely what are these data being used for.

14. The answers to all of the above are largely available to organisations, through processes typically

relating to data audits for major IT projects (e.g.CRM, business intelligence, analytics).An example of such as audit is shown belo.194But, the Data Protection Act does not demand disclosure at this detailed level, allowing organisations to hide behind obscure, high level descriptions enshrined in privacy policies that are specifically designed not to be read by end users.

15. This current scenario is best summed up 'by quoting from a top UK-based data protection lawyer

about how they engage/support their business colleagues-'the business people tell us what they wish to do, and we tell them how to do it to avoid getting caught out by data protection law'. This start point is wrong the personal right to privacy is not a priority for organisations, whether they be private or public sector.

16. Most organisations have in-built structural reasons for not wishing to be transparent about data

content stored, and data uses deployed. In the private sector the motive is profit (driven by shareholders),

in the public sector it is reducing "cost to serve". (driven by stakeholders) If customers or citizens actually knew, through transparent approaches, what was being done with their personal data, then they would

minimise sharing and usage using existing legal vehicles and further steps available (eg the various

suppression files).Until this barrier is overcome, then we won't move beyond the current mess.

17. There is no mandatory requirement for notification of a data breach (USA used to be regarded by

Europe as having weak privacy laws, yet in Califiornia they are streets ahead in how they handle the

inevitable data breaches).

18. Data Protection legislation has not kept pace with the developing internet and e-commerce world.

Web 1.0 is stretching enough, but the far more personal data-intensive web 2.0195will be the straw that

breaks the camel's backs of the current approaches.

19. In light of web 2.0and what will come next (see below),the right to subject access must be modernised in a number of respects.

20. Success rates for crime detection via CCTV are low in practice due to the inadequacies of the current

state technology.

21. Current approaches show no respect for the time of the individual. Time is increasingly a more scarce

commodity than money and should be treated as such.

SUGGESTIONS

22. Update the Data Protection Act (an equivalents) to articulate data content and data usage at a

meaningful level of detail.

23. Introduce Privacy Impact Assessments as an overlay for new projects-but based on this new, lower

level of detail. At the high level, PIA's would be meaningless (and thus an un-necessary layer of

bureaucracy).

24. Mandatory, value-added data breach notification. . . a "no-brainer"-don't debate, just deploy.

25. Further research and educate on the principles of minimal disclosure (ie only gather and store the

data required rather than take the opportunity to grab more).

26. Investigate revenue sharing with individuals whose data is being sold (start with DVLA).

27. Investigate the impact on the time of the individual wasted by data related weakness.

28. Publishing of success rates by CCTV camera and having each installation justified would minimise

un-necessary deployment.

29. Improvements to the subject access process should include:

(a) The data subject should be provided with the data relating to them in electronic format should

they wish.

(b) Cost of subject access should fall to expand usage (which in turn will aid the whole eco-system).

(c) Frequency of subject access should be targeted at "any time, and almost real time".

(d) Automated use of agents (electronic and manual) to aid individuals in subject access requests

should be encouraged.

30. Fund research into the use of digital rights management around personal data-one of the few ways

in which privacy legislation can actually be enforced. Pilot such schemesin government databases to track! make transparent data sharing and data use.

31. Accept that without much of the above, individuals willgain transparency anyway through the much more aggressive deployment of Privacy Enhancing Technologies (PET's).