SlideShare una empresa de Scribd logo

Midata Thoughts No. 1

Simon Deane-Johns
Simon Deane-Johns

My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Tecnología
1 de 19
Descargar para leer sin conexión
Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Recomendados

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 

Recomendados

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Digital signature
Digital signatureDigital signature
Digital signatureMohanasundaram Nattudurai
 
Dsc ppt
Dsc pptDsc ppt
Dsc pptEarnlogicconsultants
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144IJERA Editor
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
It act
It actIt act
It actYogesh Thawait
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment TokenizationHamid Ghorbani
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
D.Silpa
D.SilpaD.Silpa
D.Silpast anns PG College,Mallapur,Hyderabad, India
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic SignaturePiChainAdministrator
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 
Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 

Más contenido relacionado

La actualidad más candente

Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 

La actualidad más candente (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling Fraud
 
It act
It actIt act
It act
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment Tokenization
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic Signature
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
 

Destacado

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Simon Deane-Johns
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersSimon Deane-Johns
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalSimon Deane-Johns
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Simon Deane-Johns
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsSimon Deane-Johns
 

Destacado (8)

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdj
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013
 
02 e
02 e02 e
02 e
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - final
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-Johns
 

Similar a Midata Thoughts No. 1

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiquesSerrerom
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectBjorn Hjelm
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateBjorn Hjelm
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesCGI
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileBjorn Hjelm
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4Capgemini
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCapgemini
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyIDES Editor
 

Similar a Midata Thoughts No. 1 (20)

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloud
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
Mis06
Mis06Mis06
Mis06
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile Connect
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challenges
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile Profile
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
 
MIFID II and GDPR
MIFID II and GDPR MIFID II and GDPR
MIFID II and GDPR
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 

Más de Simon Deane-Johns

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital RegulationSimon Deane-Johns
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCASimon Deane-Johns
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2Simon Deane-Johns
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Simon Deane-Johns
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Simon Deane-Johns
 

Más de Simon Deane-Johns (6)

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital Regulation
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCA
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2
 
Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Midata Thoughts No. 1

  • 1. Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
  • 2. Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
  • 3. Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
  • 4. Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
  • 5. Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
  • 6. Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
  • 7. Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
  • 8. Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
  • 9. Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 10. Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 11. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
  • 12. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 13. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 14. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 15. Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 16. Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
  • 17. Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
  • 18. Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
  • 19. Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html