SlideShare a Scribd company logo

Midata Thoughts No. 1

Simon Deane-Johns
Simon Deane-Johns

My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Technology
1 of 19
Download to read offline
Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Recommended

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 

Recommended

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Digital signature
Digital signatureDigital signature
Digital signatureMohanasundaram Nattudurai
 
Dsc ppt
Dsc pptDsc ppt
Dsc pptEarnlogicconsultants
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144IJERA Editor
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
It act
It actIt act
It actYogesh Thawait
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment TokenizationHamid Ghorbani
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
D.Silpa
D.SilpaD.Silpa
D.Silpast anns PG College,Mallapur,Hyderabad, India
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic SignaturePiChainAdministrator
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 
Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 

More Related Content

What's hot

Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 

What's hot (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling Fraud
 
It act
It actIt act
It act
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment Tokenization
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic Signature
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
 

Viewers also liked

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Simon Deane-Johns
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersSimon Deane-Johns
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalSimon Deane-Johns
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Simon Deane-Johns
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsSimon Deane-Johns
 

Viewers also liked (8)

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdj
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013
 
02 e
02 e02 e
02 e
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - final
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-Johns
 

Similar to Midata Thoughts No. 1

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiquesSerrerom
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectBjorn Hjelm
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateBjorn Hjelm
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesCGI
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileBjorn Hjelm
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4Capgemini
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCapgemini
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyIDES Editor
 

Similar to Midata Thoughts No. 1 (20)

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloud
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
Mis06
Mis06Mis06
Mis06
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile Connect
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challenges
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile Profile
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
 
MIFID II and GDPR
MIFID II and GDPR MIFID II and GDPR
MIFID II and GDPR
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 

More from Simon Deane-Johns

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital RegulationSimon Deane-Johns
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCASimon Deane-Johns
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2Simon Deane-Johns
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Simon Deane-Johns
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Simon Deane-Johns
 

More from Simon Deane-Johns (6)

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital Regulation
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCA
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2
 
Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
 

Recently uploaded

“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfalexjohnson7307
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 

Recently uploaded (20)

“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 

Midata Thoughts No. 1

  • 1. Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
  • 2. Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
  • 3. Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
  • 4. Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
  • 5. Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
  • 6. Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
  • 7. Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
  • 8. Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
  • 9. Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 10. Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 11. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
  • 12. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 13. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 14. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 15. Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 16. Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
  • 17. Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
  • 18. Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
  • 19. Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html