SlideShare ist ein Scribd-Unternehmen logo

Midata Thoughts No. 1

Simon Deane-Johns
Simon Deane-Johns

My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Technologie
1 von 19
Downloaden Sie, um offline zu lesen
Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html

Empfohlen

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 

Empfohlen

Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Midata thoughts 121212 v2.0
Midata thoughts 121212 v2.0Simon Deane-Johns
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services USAID CEED II Project Moldova
 
Ecommerce Chap 08
Ecommerce Chap 08Ecommerce Chap 08
Ecommerce Chap 08Pimsat University
 
Digital signatur
Digital signaturDigital signatur
Digital signaturRuwandi Madhunamali
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signaturegajerachetan
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Digital signature
Digital signatureDigital signature
Digital signatureMohanasundaram Nattudurai
 
Dsc ppt
Dsc pptDsc ppt
Dsc pptEarnlogicconsultants
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144IJERA Editor
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
It act
It actIt act
It actYogesh Thawait
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment TokenizationHamid Ghorbani
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
D.Silpa
D.SilpaD.Silpa
D.Silpast anns PG College,Mallapur,Hyderabad, India
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic SignaturePiChainAdministrator
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 
Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 

Weitere ähnliche Inhalte

Was ist angesagt?

Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureRahul Yadav
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...IOSR Journals
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling FraudMike Batton
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01Damrongsak Kobtakul
 

Was ist angesagt? (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
 
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
Diffie-Hellman Algorithm and Anonymous Micropayments Authentication in Mobile...
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
 
Throttling Fraud
Throttling FraudThrottling Fraud
Throttling Fraud
 
It act
It actIt act
It act
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Payment Tokenization
Payment TokenizationPayment Tokenization
Payment Tokenization
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionAn Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous Transaction
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
 
Esign or Electronic Signature
Esign or Electronic SignatureEsign or Electronic Signature
Esign or Electronic Signature
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
 

Andere mochten auch

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjSimon Deane-Johns
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Simon Deane-Johns
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Simon Deane-Johns
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersSimon Deane-Johns
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalSimon Deane-Johns
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Simon Deane-Johns
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsSimon Deane-Johns
 

Andere mochten auch (8)

Regulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdjRegulating peer to-peer and alternative finance - sdj
Regulating peer to-peer and alternative finance - sdj
 
Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12Proposed amendments to the financial services bill sdj 21 06 12
Proposed amendments to the financial services bill sdj 21 06 12
 
Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013Response to EC crowdfunding consultation Dec 2013
Response to EC crowdfunding consultation Dec 2013
 
02 e
02 e02 e
02 e
 
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory BarriersHow P2P Finance Models Work: Risks, Controls and Regulatory Barriers
How P2P Finance Models Work: Risks, Controls and Regulatory Barriers
 
Response to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - finalResponse to FCA crowdfunding consultation simon deane-johns - final
Response to FCA crowdfunding consultation simon deane-johns - final
 
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
Business implications of evolutions in privacy law mes infos 23 04 12 - simo...
 
Enabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-JohnsEnabling The Growth of P2P Finance - Simon Deane-Johns
Enabling The Growth of P2P Finance - Simon Deane-Johns
 

Ähnlich wie Midata Thoughts No. 1

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiquesSerrerom
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectBjorn Hjelm
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateBjorn Hjelm
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesCGI
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewJohn Blue
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileBjorn Hjelm
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4Capgemini
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCapgemini
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyIDES Editor
 

Ähnlich wie Midata Thoughts No. 1 (20)

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloud
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques#AssurTech : BlockChain et assurance : des POC aux applications pratiques
#AssurTech : BlockChain et assurance : des POC aux applications pratiques
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
Mis06
Mis06Mis06
Mis06
 
An Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile ConnectAn Overview of the interface of MODRNA and GSMA Mobile Connect
An Overview of the interface of MODRNA and GSMA Mobile Connect
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Analyst briefing session 2 the security challenges
Analyst briefing session 2 the security challengesAnalyst briefing session 2 the security challenges
Analyst briefing session 2 the security challenges
 
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust OverviewGary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
Gary B. Rodrigue - What is Blockchain? IBM Food Trust Overview
 
OpenID Connect: The Mobile Profile
OpenID Connect: The Mobile ProfileOpenID Connect: The Mobile Profile
OpenID Connect: The Mobile Profile
 
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
CWIN17 Frankfurt / ibm_watson_io_t_platform_and_blockchain_v4
 
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchainCWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
CWIN17 Frankfurt / ibm_watson_iot_platform_and_blockchain
 
MIFID II and GDPR
MIFID II and GDPR MIFID II and GDPR
MIFID II and GDPR
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 

Mehr von Simon Deane-Johns

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital RegulationSimon Deane-Johns
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCASimon Deane-Johns
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2Simon Deane-Johns
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Simon Deane-Johns
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Simon Deane-Johns
 

Mehr von Simon Deane-Johns (6)

Trends in Digital Regulation
Trends in Digital RegulationTrends in Digital Regulation
Trends in Digital Regulation
 
Embedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCAEmbedding Encouragement of Innovation Across the FCA
Embedding Encouragement of Innovation Across the FCA
 
My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2My response to HM Treasury consultation on Implementing PSD2
My response to HM Treasury consultation on Implementing PSD2
 
Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014Crowdfunding sdj oct 2014
Crowdfunding sdj oct 2014
 
Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final Submission to commission on banking standards sdj 08 02 13 final
Submission to commission on banking standards sdj 08 02 13 final
 
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
Alternative Finance Briefing Paper - Simon Deane-Johns 27 01 12
 

Kürzlich hochgeladen

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Midata Thoughts No. 1

  • 1. Midata Thoughts Draft v1.2 Simon Deane-Johns Consultant Solicitor and Member of the Midata Interoperability Board 14 December 2012
  • 2. Contents • Overview • Participants/roles • Process flows • Developing co-regulatory environment • Scenario diagrams • Common operational risks, controls, challenges • Midata-specific challenges
  • 3. Overview • The voluntary Midata programme involves a Supplier making each Customer’s transaction data available to the Customer in computer-readable format (“midata”). • This suggests three types of scenario: 1. Release of midata by the Supplier to the Customer 2. Release of midata by the Supplier to the Customer’s duly authorised Personal Information Manager (“PIM”) 3. Release of midata by Supplier to Customer/PIM, who transfers it to a third party supplier (“3PS”)
  • 4. Participants/Roles • Supplier – Supplier of goods or services whose systems generate midata (e.g. utility, bank, telco) – Includes Supplier’s own outsourced service provider(s) • Customer – person or micro-business who interacts with Supplier to produce midata • Personal Information Manager acting for the Customer (“PIM”) – Passive data repository • Only receives, stores and/or transmits the data • can’t ‘see’ or otherwise process content • ‘mere conduit’? – Active data repository • Stores data • Adds value by analysing or otherwise processing data • May alter content • Third Party Supplier (“3PS”) – Entity other than the Supplier/PIM to whom Customer/PIM supplies ‘midata’ for use only for the purpose of supplying goods or services to the Customer
  • 5. Process Flows Midata involves two separate process flows: • Transaction flows – Offer and acceptance => contract between each of Customer, Supplier and PIM – Messaging, including identification of each party, data release request, confirmation of receipt etc. • Midata flows – Actual transfers of midata [Funds flows related to payments due between participants are currently out of scope]
  • 6. Developing Co-regulatory Environment • Data Protection Act 1998 (“DPA”) etc supervised by Information Commissioner’s Office (“ICO”) and related exemptions • Guidance etc issued by ICO • Sector-specific law/regulation – Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit reference agency data – Electricity Act, Gas Act => Data and Communications Company – [new Telecoms/banking/consumer credit regulation] • Industry Codes – Principles of Reciprocity (Credit Reference Agency data) – Smart Energy Code – [Other sector codes] – Security standards, Privacy by Design etc. – [Midata Principlesstandard permissions, rules on liablility etc?] • Contracts – Consents etc given under Contracts – [standard Midata permissions or Midata sharing agreements?]
  • 7. Midata Scenario 1 1. ID authentication (“auth”) 2. Midata request Supplier Customer 3. Midata transfer Supply contract
  • 8. Midata Scenario 2a PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract
  • 9. Midata Scenario 2b PIM 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 10. Midata Scenario 2b Co-regulatory PIM relationship? 3. ID auth. 4. Midata request Supplier Customer 1. ID auth 2. Midata Request Supply contract PIM Service contract
  • 11. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Supply contract PIM Service contract 3PS Service contract
  • 12. Midata Scenario 3a 8. Data transfer 3PS 7. ID auth PIM Transaction flow 3. ID auth; 4. Request Supplier Customer Transaction flow 1. ID auth; 2. Request Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 13. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 14. Midata Scenario 3b 8. Data transfer 3PS 7. ID auth PIM 4. ID auth. 6. Midata 5. Midata Request transfer 1. ID auth 2. Midata request Supplier Customer 3. Midata transfer Co-regulatory Supply contract PIM Service contract 3PS Service contract relationships?
  • 15. Midata Scenario 3c 3PS 6. Midata transfer 4. ID auth. 5. Midata Request 1. ID auth Supplier 2. 2. Midata request Customer 3. Midata transfer Supply contract PIM Service contract 3PS Service contract
  • 16. Common Operational Risks • Failure to identify one or more parties • Fraudulent impersonation of one or more parties • ‘Wrongful’ refusal to release midata • Interception of messaging and/or midata in transit • Wrong midata released • Midata is inaccurate, late and/or unreliable • Midata is false, altered or corrupted • Midata misuse: – loss – destruction – storage longer than agreed/necessary – wrongful disclosure – use for an illicit purpose (including breach of IPRs)
  • 17. Common Operational Controls/Challenges • Identity authentication/assurance for all parties • Release of correct midata • Secure transmission, processing, storage of midata • Preserving secrecy/confidentiality of midata content • Maintaining authenticity and integrity of midata • Ensuring accuracy, timeliness and reliability of midata • Guarding against various types of midata misuse • Vesting and protection of intellectual property rights in midata and/or midata databases
  • 18. Midata-specific Challenges • Midata portability? • Extent of ‘agency’ involved in personal information management by PIM • Midata ‘community’ issues: – Principles of reciprocity? – Appropriate grounds for refusal to release? – Mirror CRA and/or DCC environment? – Apportionment of liability for various heads of loss or damage? – Complaints handling? – Enforcement? – Mapping midata to legal rights/obligations to customer permissions => a ‘personal data mark-up language’ (WEF “Rethinking Personal Data”)
  • 19. Comments Comments welcome via the related post at The Fine Print: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html