Monday, August 22, 2005

Blown away I'm delighted - and very flattered - by Kim's comments about the Privacy Maturity Model. I intend to develop this further using both quantitative and qualitative evidence from my work with Enterprise Privacy Group. Specifically, once we have sufficient member organisations we'll be kicking off a major survey of their privacy practices to understand what the gold standard looks like, and how organisations should be aiming to baseline their privacy infrastructure. The great news for EPG is that Microsoft is our first founding member. The EPG website will be updated over the coming weeks to provide much more information about the initiative, but if you can't wait for that then drop me a line and I'll send you some more information. 3:17:45 PM    comment []

A Maturity Model for Privacy? As some of you may be aware, I'm launching a corporate membership body with the objective of identifying, developing and propagating best practice in privacy management. The forum (called Enterprise Privacy Group) will consider a broad spectrum of privacy and freedom of information issues. Over recent weeks I've been talking with quite a number of potential member organisations, and one of the challenges has been explaining how we intend to cover a range of privacy issues, from very basic data protection through to some advanced identity management concepts. I had some difficulty explaining this spread, and from this I got round to thinking about the concept of a maturity model for privacy. My first ideas are in the diagram below: As the organisation develops through the maturity scale, it goes the following stages: Data Protection: at the earliest stages, the organisation understands that it has valuable personal information, and that there is a legal requirement to protect it in certain ways. However, there is no executive recognition that legal compliance does not necessarily protect the organisation from the consequences of misuse of that data. Privacy: the organisation recognises the moral imperative for ethical use of personal data, and that a proper usage policy - that applies greater controls than necessarily required by law - may reduce information risks and lead to better relationships with the individuals whose data is being stored and processed. Identity / Data Sharing: these issues are two sides of the same coin. In the private sector, organisations begin to recognise that data needs to be linked to an individual, rather than an asset. For example, a bank may start to link multiple accounts to the same account holder, and treat that holder as an individual in accordance with their privacy wishes. Data Sharing is the equivalent issue in public sector, where (contrary to common perception) most civil servants know that they already respect privacy of the citizen, and are seeking mechanisms to share data with other government departments without compromising that respect. Identity is crucial here if data is to be shared accurately and efficiently. 'Data Rejection': The top of the scale is Anonymity - an understanding that much of the personal data held by the organisation is simply unnecessary, and could in fact be more of a liability than an asset. For example, a bank does not (in theory, ignoring financial regulations) need to know who an account is, but simply how to check their credit score and how to contact them if necessary. The same bank faces heavy costs for compliance and risks of misuse whilst it holds that personal data. This has worked perfectly well for the Swiss banking industry for a very long time. When organisations start to minimise their personal data assets, then they are pushing to the top of the maturity model. Of course, 'Data Rejection' should be the goal of any true federated identity scheme. Once organisations and their clients realise the value of anonymised credentials, and the opportunities for new revenue streams based upon the trust that can be created this way, we should finally see someone reach this level in the maturity model (or maybe there's an organisation out there that's already done it?) I'd welcome comments on this idea, since it clearly needs lots of work before I start to back it up with hard survey data. Please feel free to let me know what you think. 2:59:06 PM    comment []

Another case of mistaken identity For those of you who still think you can't lose your identity, here's another example of what can go wrong... Prosecuted for passing himself off as himself A funeral director in a Dorset village last week applied to the House of Lords for leave to appeal against a court ruling that he must no longer trade under his own name, as he has been doing for 40 years. He is forbidden to tell anyone what he does for a living, and is told that if he answers the telephone he cannot even give his own name. During the decades that Richard Adlem has been burying his neighbours around Sixpenny Handley, he has won such a local reputation that those whose funerals he organised included a former prime minister, Lord Avon (Anthony Eden) and Cecil Beaton, the photographer. In 1993, Mr Adlem took on a partner, Stephen Beckwith, hoping he might one day carry on the business. For a nominal £10 he sold him part of the business, the chapel of rest which adjoins Mr Adlem's farmhouse. For seven years they worked happily together until Mr Beckwith decided to emigrate to Canada. He told Mr Adlem he had sold his share in the business to Newman's, a large firm of undertakers in Salisbury. Mr Adlem was then astonished to receive a letter from Newman's solicitors, telling him he could no longer carry on the business under his own name, since it had been sold to Newman's. Mr Adlem replied that he had never sold his name to Mr Beckwith, as was confirmed by their original contract. He intended to carry on as usual. From here on the story became truly bizarre. Clients of Newman's protested to trading standards officials and to the Advertising Standards Authority that they had been misled into thinking their family funerals would be carried out by Mr Adlem. Newman's themselves replied in writing that they had no intention of preventing Mr Adlem carrying on under his own name. Then in 2003, out of the blue, Mr Adlem found himself summoned to the High Court in London to face an action for "passing off": namely passing himself off as himself. The judge, a specialist in this field of law, had no hesitation in finding in Mr Adlem's favour. The case, he ruled, was so straightforward there were no grounds for appeal. Newman's solicitors thought otherwise. When they applied to the Court of Appeal, Lord Justice Jacob first gave leave, then reappeared as one of three judges to hear their appeal. He expressed impatience at the fact that Mr Adlem was not represented by a proper barrister, but by an unqualified neighbour. A second judge, Lady Justice Arden, found firmly in Mr Adlem's favour. Jacob and a third judge, who had no experience in "passing off" law, supported Newman's. Mr Adlem thus found himself in the curious position, as he has been tirelessly reminded by Newman's solicitors (three more letters arrived last week on one day), that he must stop using his own name in any connection with his business. He cannot even announce his name when answering the telephone. He faces a legal bill of more than £200,000. Encouraged by outraged support from almost the entire population of Sixpenny Handley, he last week lodged papers with the highest court in the land, hoping that common sense may prevail. Daily Telegraph, 10 July 2005 2:56:47 PM    comment []

The uniqueness of your identity This anecdote from the actor Bill Murray made me laugh. Stick with it through the golfing, the identity is there at the end! I'm invited. You're not. I'm invited. You're not... A FEW years back, I got invited to play in the Greater Milwaukee Open Pro-Am. The letter was quite amusing. "We're a small tournament, we have no TV, we've lost some sponsors, and we've also lost our site; we'll be playing this year on a public course. If there's any way you could make it, we sure would appreciate it." This arrow somehow got through my chain mail. I phoned Milwaukee and a guileless woman verified the whole sob story. The event was months away, so 40 minutes passed as we discussed Badger beer, bars, brats, bands, and state troopers. "August is beyond the range of my crystal ball," I said, "but it's possible. If I can make it, I will. It's been very nice talking to you. What's your name, ma'am?" "Marion. What's yours?" "I like the name Marion. My name is Bill Murray." "Are you the Bill Murray?" "Well, I'm a Bill Murray." "OK. Hope you can make it. Bye-bye." "Bye-bye." Two months later, I'm in the payphone in Pauly's parking lot. An officious man's voice says: "Greater Milwaukee Open." "Yes, I'd like to know what time the Pro-Am starts tomorrow morning, and if there's a practice range to hit on early." "That information should be in the packet that was sent to you, sir." "No packet was received. See, I wasn't sure I'd be able to come . . ." "If you did not receive a packet . . . you are not playing in the Pro-Am, sir. The packets were sent out a month ago, and everyone who is playing has received theirs." "But I was invited, and I called a couple of months ago . . ." "A . . . couple . . . of . . . months. . . ago . . ." "And I think I received letters after that . . ." "You talked to someone a couple of months ago, sir? The packets were sent out to all those playing in the Pro-Am. If you did not receive a packet . . ." "But I think they're expecting me." "You are not expected, sir. No one is expecting you. I guarantee you. If you did not receive a packet, then you are not expected." " . . . Is there a Marion there?" "Hold on, please." About a minute passed in Bunyan's gravel lot. Then a sweet woman's voice came across the phone. "Is this a Bill Murray?" The Times, 15 July 2005 2:42:04 PM    comment []