Tag Archives: personal data

Five personal data lessons we need to learn from the Equifax hack

The Equifax data breach, which has leaked critical personal information including Social Security numbers and birth dates on an estimated 143m Americans, as well as Britons and Canadians, is one of the largest ever, both in scale and the importance of the data stolen. So what lessons can we – and must we – learn from this demonstration of individual powerlessness in the face of data theft?

  1. Honeypots of data are hugely attractive to hackers. We know this, it’s common sense – and yet still we are persisting with the centralising of personal data rather than returning it to the individual. Putting each of us in control of our own personal data, so we can choose when and with whom it is shared, is all that makes sense.
  2. When our data is sold from behind our backs, we don’t know who has it. The nature of Equifax’s credit-scoring business, which takes data from a number of sources to help other companies assess creditworthiness, makes it hard to assess whose data was stolen – and for individuals, whether they were involved in the breach. Again, so much better to have individuals as the hub of all their data, sharing it with insurance companies, for eg, when needed, or letting algorithyms run over the data on the phone and just return the result, in what we at digi.me call private sharing.
  3. When our data has been breached by a third party, we’re reliant on them to tell us. Equifax has set up a website for people to check if their personal details were part of the breach, but there have been widespread reports of the site returning different results for the same data. It also requires a Social Security number, making it useless for anyone outside the US. Not to mention the fact that the breach took weeks to come to light, potentially giving the hackers time to use the information they had stolen before its owners even knew it was gone. We are not in control of our own data, which is created by us. That model – where our data is used for profit by others – needs to change.
  4. Those involved are at significant risk of fraud for years to come. This is not an email breach, where the people involved can simply change their passwords and (largely) put a stop to the damage. The information stolen, which also included addresses, drivers licence details and credit card numbers, means those affected are at significant risk of identity theft – and will be for years to come. We must use breaches such as these as drivers for change – otherwise nothing will change.
  5. Finally, and possibly most scary of all, we don’t know what this means. We don’t know if this hack will translate into increased levels of theft and fraud, or whether other information held by similar credit-scoring companies is any more secure. Or, indeed, whether Equifax will be punished for this breach.

What we do know is that trusting others with our personal information has seen it leaked over and over again. The fundamental method of personal data management must move back to the individual from central stores. And until it does, massive breaches of this scale, and the subsequent hassle and problems caused to those the data actually belongs to, will continue. Regulation has a part to play, but so too does consumer behaviour – and we need to be clear that this is not ok, on any level.

Come and join the digi.me personal data hackathon

Calling all developers, designers and entrepreneurs (or indeed anyone with curiosity and flare!).

Are you interested in building personalised online experiences without losing control over or the privacy of your personal data?

Then our Data Hack Iceland hackathon is for you!

Being held on October 7 and 8 in Reykjavík, Iceland, the #letsgetpersonal event will feature personalised data, health and social data challenges.

Two identified so far are the digi.me challenge: build a cool innovative app using digi.me’s Consent Access platform with a focus on health and finance as Dattaca Labs and digi.me make private sharing real.

There is also a Code for a Cause challenge, looking at how we can better use open or user contributed data to give deeper insights into or tackle social problems including unemployment and environmental issues, with others to follow.

Ideas will be judged on their fundability, execution, UI/UX, originality and scalability, and the prizes include the Icelandic Data Hack Trophy for the best solution, as well as a VIP tickets package worth $2000.

Find more details of how to register, prizes, the schedule and rules visit https://www.digi.me/datahackiceland. A limited number of sponsorships are available.

 

Digi.me delighted to have signed MyData Internet of Me principles

We are delighted to have signed up to the Declaration of MyData principles, and urge anyone else with an interest in how personal data is held and managed to sign too.

The principles, which are a first version and will evolve with a second version expected after feedback in six months, are designed to “make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits.”

As the introductory text notes: “Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data.

“The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:

  • Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
  • Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
  • Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.”

The six key principles are human-centric control of personal data, the individual as the point of integration, individual empowerment, data portability and re-use, transparency and accountability and interoperability.

MyData hopes that organisations and companies working in the personal data ecosystem will take and use these principles, to further their own projects, as well as build their own trust frameworks and terms of service.

They accord strongly with our own Internet of Me vision, with the individual at the centre of and in control of, their connected life. And we are also very happy to be a sponsor of the MyData conference next week in Tallinn and Helsinki.

Watch out for more updates on that!

 

Digi.me merges with Personal to create global personal data control powerhouse

Digi.me and Personal are combining forces through a merger, bringing together the leading European and US companies in the emerging personal data ecosystem to provide a single integrated solution for consumers and businesses.

Both companies have pioneered innovative technologies to empower individuals to gain control over the growing amount of data and analytics about themselves that fuels the digital world. They directly address the challenge of enhancing privacy while increasing the ability of people to benefit from sharing and analysing data, including by apps on a mobile phone without the data ever having to leave the phone.

The combined business will be called digi.me, with its global HQ near London in the UK and the US operation based in Washington, DC. Personal’s enterprise solutions, known as TeamData, will be spun off as a separate information security and productivity company for businesses. The combined global workforce of over 60 people will continue to work for digi.me.

“We are excited to bring together the best of digi.me and Personal to accelerate the growth of our combined products and network of partners,” said Julian Ranger, Founder and Chairman of digi.me. “We have each built complementary infrastructure and products necessary for individuals to easily aggregate and share data whilst maintaining its security and privacy. It’s a win-win for individuals and for companies who embrace this model of transparency and trust.”

“Everything is powered by data today, but without clear benefit for the individual,” said Shane Green, Co-founder and CEO of Personal, who will serve as CEO of digi.me (US). “In a world of rapidly expanding artificial intelligence, analytics and personalised experiences, it is critical that we as individuals have the tools and rules to ensure our interests are also served by our data.”

Digi.me and Personal have raised over $45 million between them, attracting leading investors such as the Omidyar Network, SwissRe, Planetary Holdings, TCS Capital Management, Allen & Company, Revolution Ventures, Ted Leonsis and Esther Dyson.

Digi.me allows individuals to easily aggregate a broad and deep range of their social media data from Facebook, Instagram, Twitter, Pinterest, Flickr and other popular sources along with financial data from hundreds of sources in a secure library.

Companies and developers can then use digi.me’s APIs to request access to integrated data sets to provide better data-driven experiences, services, and rewards, and to provide other benefits like rich personal analytics. Health, wearable and music data will also be available soon after the merger. Current partners of digi.me include Swiss Re, Western Digital, Lenovo, Amgen, Dattaca Labs and FNAC.

Personal is focused on secure, collaborative creation and management of reusable data constantly needed by people at home and work to complete thousands of information-related tasks. It supports a multitude of data types from passwords, credit cards and IDs to detailed data for office and home use such as insurance, health and personal data of employees and family members. A free version of Personal’s TeamData app will be available for individual use following the merger and will be integrated into digi.me later this year.

The combined version of digi.me and Personal will allow seamless management of thousands of different types of both feed and manually-created data, supported by the industry’s leading structured data ontology and data normalisation technology. It will also allow secure sharing and far richer data-driven experiences between individuals and third party apps, and allow companies to reduce business and regulatory risks by requesting access directly from users.

“People assume there is a fundamental trade-off between sharing data and privacy, with Americans historically favouring sharing and Europeans favouring privacy” said Rory Donnelly, CEO of digi.me. “That no longer has to be the case when the individual controls much of the critical data about them and their lives. We are delivering the exact permission-based technology solution regulators and CEOs have been seeking.”

“There simply isn’t any way we can create this exciting, data-driven future without individual agency over data,” said CV Madhukar, Investment Partner at Omidyar Network. “Companies can use data to improve our lives, but their interests must be balanced with that of the individual: users must always have choice over who they reward with their trust and data.”

Find more information about digi.me, including the app, at https://www.digi.me, Teamdata is at https://teamdata.com/

Government strengthens UK personal data protection law

Individuals will have more control over their personal data in new measures being announced today.

The new Data Protection Bill, which brings the UK into line with the upcoming GDPR, will give the public new rights, including the right to be forgotten, and the right to withdraw consent for personal data use.

Under the plans, parents and guardians will be able to give consent for their child’s data to be used and ‘explicit’ consent, rather than simple box ticking, will be necessary for processing sensitive personal data.

The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will also make it easier and free for individuals to require an organisation to disclose the personal data it holds on them, as well as making it easier for customers to move data between service providers.

Elizabeth Denham, Information Commissioner, said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Julian David, CEO of techUK, said: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.”

NHS Deepmind and the need for transparency in personal data use

The NHS Deepmind deal has been heavily criticised by the Information Commissioner’s Office (ICO) for serious privacy erosion that fell foul of the Data Protection Act

The deal, which shared NHS patient data of 1.6m people with Google’s AI company Deepmind, had “several shortcomings” including that patients were not adequately informed that their data would be used as part of the tests on an app designed to diagnose serious kidney injury.

Elizabeth Denham, Information Commissioner, said in a statement: “There’s no doubt the huge potential that creative use of data could have on patient care and clinical improvements, but the price of innovation does not need to be the erosion of fundamental privacy rights.

“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”

Deepmind has admitted that: “We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better.”

There are two fundamental lessons here – and they will be applicable going forward as they are today.

The first is that privacy and innovation can live hand-in-hand. Access to better quality data is a huge boon for innovation across all sectors, but it has to be permissioned and not just handed over. That’s a fundamental human right of the people involved, as well as best practice for ensuring fully accurate data that has the most value. Greater transparency benefits us all.

The second is that users need to be in control of their data, not third parties. This is how situations like this are avoided – by giving individuals control over the data that is about, or created by, them.

In the digi.me world, it then becomes their choice, and theirs alone, what happens to that data. And that’s exactly as it should be.

Now Apple gets it too – the importance of owning your own health data

The importance of owning your personal data on your terms is of critical importance to us here at digi.me.

And health data is front and centre of that, which is why we have just launched a living lab in Iceland, allowing citizens there to download an electronic version of their health record. Exciting stuff and a world first – but mainly incredibly useful for all sorts of reasons.

Holding your own data so you can do more with it guides everything we do, so we were delighted that Apple is apparently working along the same lines as us.

According to this report: “CNBC has learned that a secretive team within Apple’s growing health unit has been in talks with developers, hospitals and other industry groups about bringing clinical data, such as detailed lab results and allergy lists, to the iPhone, according to a half-dozen people familiar with the team. And from there, users could choose to share it with third parties, like hospitals and health developers.”

As with digi.me, the applications for work like this are legion, ranging from simply having all your health data at your fingertips whenever you need it, to speeding up information sharing between different medical organisations and cutting out major time and frustrations for referrals.

The health service is ripe for reform, and health data is at the centre of that. So any work done in this arena is a boost to all, with the potential for truly universal benefits.

 

NHS cyber attack shows perils of not holding our own personal data

The global cyber attack that hit huge corporations worldwide and paralysed much of the UK’s National Health Service showed one thing above all – how easily centralised siloes of data can be rendered obselete.

The Wanna Decryptor ransomware attack, which is believed to have affected more than 200,000 systems in over 100 countries, making it the biggest in history, locked computers and systems before holding files hostage until a ransom was paid.

This had a massive impact on hospital trusts across the UK, which were unable to access patient data for treatment, meaning they were forced to send patients away and cancel appointments.

This was far from an attack aimed at the NHS, as some initially feared – but it did show its vulnerabilities – and not just in using older Microsoft computers that hadn’t been patched to cover known security issues.

Rather, it emphasised the loss of control that we all have over our personal data, when instead of having a copy ourselves, it is held in giant siloes controlled by others. And, which may or not be significant in this case, tend to prove to be very attractive honeypot targets for hackers because of the wealth of data they contain.

If we each had a copy of our own health data, the impact on the NHS would have been minimised dramatically. Anyone turning up for treatment or an appointment could have shown the relevant diagnostic and prescription history from within their digi.me app, presumably enabling further action to go ahead instead of mass cancellations.

And this is not just talk of a brave new world – it’s on the cusp of reality, with both a new version of our app and an exciting project demoing just this experience due to be announced within weeks.

The world will never be free of those who want to disrupt, harm and make money through nefarious means. But if we have control over our own data, through the principles of the Internet of Me, we take away a great deal of their power – certainly in their capacity to bring chaos to our lives.

Personal data – the fuel of the future?

Is Data really the world’s most valuable resource, the oil of its day?

That’s the scenario being posited as the lead story on the front page of The Economist – and what this titan of financial publishing and thought says, others listen to.

Of course, here at digi.me we have long been big believers in the power of data to transform and innovate, for individuals, businesses, society and even governments.

But we also know we’re riding the front of a wave, to some degree waiting for the world to catch up with us about the importance of both protecting and owning the elements that make up your very own, very personal digital footprint.

Thankfully, the importance of personal data is an issue that is pushing itself more and more to the forefront of discussion and awareness with every passing month. Incoming EU legislation, the GDPR, which has a great focus on individual power over personal data, will also force more conversations and visibility ahead of its implementation in a year’s time.

But the main Economist article and associated briefing is a great primer for those hoping to get up to speed on this important issue, straddling as it does the middle line between data’s power and the issues misuse of it can cause.

For example, it is clear that: “Data are to this century what oil was to the last one: a driver of growth and change. Flows of data have created new infrastructure, new businesses, new monopolies, new politics and—crucially—new economics.

“Digital information is unlike any previous resource; it is extracted, refined, valued, bought and sold in different ways. It changes the rules for markets and it demands new approaches from regulators.

“Many a battle will be fought over who should own, and benefit from, data.”

But it also adds: “There is cause for concern. Internet companies’ control of data gives them enormous power. Old ways of thinking about competition, devised in the era of oil, look outdated in what has come to be called the “data economy”. A new approach is needed.”

Its clarity, too, on what has fuelled this new approach: “What has changed? Smartphones and the internet have made data abundant, ubiquitous and far more valuable.” adds to its authority – this is a well-researched article, and all the more enjoyable for that.

It is a wide-ranging and very thorough piece, looking at all elements of the data economy (not just personal) and in particular what should be done with the Amazons, Googles and Ubers who own, or have access, to huge swathes of it.

Specifically looking at the personal data economy, it speaks of consumers and online giants being “locked in an awkward embrace…but…also showing symptoms of what is called “learned helplessness”: terms and conditions for services are often impenetrable and users have no choice than to accept them (smartphone apps quit immediately if one does not tap on “I agree”).”

It adds: “For their part, online firms have become dependent on the drug of free data: they have no interest in fundamentally changing the deal with their users. Paying for data and building expensive systems to track contributions would make data refiners much less profitable.”

Once again, we couldn’t agree more with this analysis of the current state of data trading – but we are confident that the Internet of Me, and the data revolution that platforms such as digi.me which operate under its principles will bring, are a full and proper solution to these issues. And moreover, a solution that is set to take the world by storm.

Digi.me named as finalist in the Citi Tech for Integrity Challenge

Digi.me is delighted to have been chosen as a finalist in the Citi Tech for Integrity Challenge, which is searching for innovative and workable solutions to key problems in the financial and governmental sectors.

Our bid, showcasing digi.me as a product that can help deal with challenges as diverse as corporate governance, anti-money laundering and identity validation, has now passed through two rounds and been shortlisted for a demo day in Dublin later this month.

Here, we will showcase a demo version showing multiple streams of data being uploaded to the app, with innovations addressing the specific ‘pain points’ being shared in presentation format.

These include using technology to analyse and identify patterns of fraudulent health insurance claims, and leveraging emerging technologies such as blockchain to create digital identities for the large population of people, such as refugees, who do not have legal identity papers.

Julian Ranger, digi.me Founder and Executive chairman, said: “Digi.me has always been a platform that will benefit both individual users and those that need to access consented data, and we know there are multiple and important use cases for it in society at large, over and above enabling the global population to take ownership of their own data.

“In these instances, it can enable much higher effectiveness and efficiency in distribution of services to people in distress. Respect of privacy between individuals and organisations is of utmost importance. With digi.me, users’ privacy is of the highest priority.”

At the demo day, digi.me will demonstrate how our product can be used to:

  • enable governments to efficiently and effectively identify refugees who have had to flee their home countries without identification papers. Their digi.me account is effectively an audit trail of their online life and therefore a way to identify both them and their circumstances, as well as reducing costs and waiting times for immigration departments.

  • enable insurance companies to reduce insurance fraud, with a knock-on effect of reducing insurance premiums for consumers

  • enable governments and NGOs to identify the correct individual recipient of any offered support, using their digi.me account to validate who they are and audit what was received. This method could be used for goods, vouchers or financial support whether beneficiaries are present or not.

Digi.me, which has focused largely to date on social media content, is undergoing a major update in the next few weeks which will see the ability to add financial and health data, with more categories of data becoming available over the next months. This update also sees the first public release of digi.me’s Consent Access capability which allows third parties to build apps requesting individual’s to share their data – five such apps are already in production.

The demo will be shown to judges including Colin Moreland, Citi’s Treasury and Trade Solutions Country Head, David Burrows, MD, Microsoft’s Intl Organizations, Ken Moore, Head of Mastercard Labs, and Yolande Piazza, Citi’s CEO of Consumer Fintech.