Posted on: Wednesday 16th of December 2009
Here’s the text of a talk I gave today in Russell Sq at the invitation of the Identity and Passport Agency and the IT trade association Intellect.
We’ve run out of money. And officials and suppliers face the real prospect of a new
administration coming to power committed to abolishing “”ContactPoint””, “”CfH”” and ID
The Opposition goes further with a recurrent theme about restoring control of personal
data to individuals. First David Cameron then Pauline Neville-Jones raised it, then in
summer a CPS pamphlet spelt it out: It’s ours: why we, not government should control our
What does this mean? Has it been properly thought out? Surely they’re not suggesting
criminals edit their own records? Is this an irresponsible call for anarchy, or a imaginative
and sound way to more effective and efficient government?
Let’s start to exemplify the rational and courteous dialogue on government use of personal
data which Michael Wills called for last week. I’d like to echo his assertion that government
believes it is benign and law-abiding with the corresponding point that most people, too,
are generally benign, law-abiding and taxpaying. There are exceptions, but let us treat
them as exceptions. Let’s separate the enforcing state from the compassionate welfare
Now, we’re all familiar with the traditional customer information model in which large
organisations manage and communicate personal data in a “customer-centric” way.
In my 15 minutes I’d like
– first to advocate a complementary individual-centric model for personal data and ID
management, where the individual manages, collects, stores and communicates
their personal data
– then to point to the power, capability and value created when the two models work
– and finally to reflect how that supports the role of the individual in public services
SLIDE – ANCIENT PYRAMID
Here’s a metaphor for the organisational communication model for traditional customer
information. It’s familiar, solid, the very foundation of our civilisation. But it’s a limited, dark
place. You don’t want to be buried inside one, and that’s pretty much all it’s designed for.
Wonderful as they were for their time, we can make a lot of progress beyond this.
Here’s another illustration of the organisation communication model:
SLIDE – MYDEX CARTOON #1
Here’s an organisation acting as data manager, collecting, storing and sharing data in a
customer relationship management system to cement its place at the centre of all its
It seeks to gather, harvest, monetise and exploit all the customer data it can. The aim is to
cut costs, increase profits, increase trust, eliminate fraud and provide personalised
services which are more valued.
But in all too many cases – tell me if yours is any different – the data is incomplete,
duplicated, inaccurate. It wasn’t gathered with explicit consent. There’s no permission to
share it or use it for other purposes. Private companies face a growing regulatory cost.
Government’s response for public services is to loosen data protection provisions.
Despite the original promises of the CRM providers, organisations increasingly have to
acknowledge that on its own this model is surprisingly expensive, disappointing in its
efficacy, has a worrying tendency to erode trust, and can be seen by customers to lack
legitimacy. Whether you’re a phone company, bank, whether it’s the electoral roll or direct
marketing suppression files, wherever customers are able to choose to walk away from the
“relationship”, they now do so in droves.
For the individual too the purely organisation-centric model is very limited. It forces us to
work according to the specific procedures of each of the dozens of organisations we deal
with. Each has different logins, passwords, phone numbers, web forms or call centre
processes. At best we may be offered a TellUsOnce and we’ll share your data model of
Nectar, the car tax disk or, indeed, TellUsOnce itself (which has shortcomings. It isnt
available on the Internet, uses a proprietary internal system and deals only with public-
Consumer Focus reckons we spend one and a weeks a year navigating around all the
customer services and call centres we have to deal with. No-one except us seems to
ascribe any value to this time we waste.
MYDEX SLIDE TWO
This is what the individual-centric model we need to add to this looks like. It comprises:
i) an individual equipped with a smart phone or a terminal attached to the net. They need
some software: a digital identity, a rich personal data store architected to cover every
aspect of life in standard formats which correspond to the fields held on them by the full
range of organisations they deal with.
ii) The individual can provide and receive references and endorsements. They can for
example invoke authentication from organisations that support claims: DVLA, examination
boards, financial services companies. Perhaps, for a limited number of highly regulated
purposes, one might use the National ID Register.
iii) the third capability the individual needs is selective disclosure. This can be one-off for a
single transaction (hiring a car, applying for a benefit, buying life insurance). Here the
individual presents that data and only that data which they need and choose to share for
the purpose in hand. Or it can be on a “subscribe to me” model where they permission
partner organisations to get up-to-date details at any time. This could be name, address
and delivery instructions. It could be health, diet and exercise details. It could be their input
to the national census, done annually, or weekly.
All this plays out according to the principles of ID established earlier this decade by Kim
Cameron when he worked to repair the damage done by Microsoft’s disastrous foray into
Microsoft-centric identity management. Is anyone not familiar with Kim Cameron’s seven
principles (they’ve been nailed to the wall in the Scottish Exec for years now)? If not I can
put up slide at the end.
The advantages of adding the person-centric model to the existing organisation-centric
one are surprising and substantial.
MYDEX SLIDE THREE
The individual has control over what data is shared, with whom, and on what basis. They
have a single, consistent interface. It’s TellJustWhomYouWantJustWhatYouWant across
the full range of organisations – public and private – and people you deal with. It saves
them immense amounts of time, restores a sense of control and dignity, and opens the
way to all sorts of new customer-side services.
What’s more surprising are the possible range of benefits for the organisation. When
admin records are easily updated by customers themselves organisations save the cost,
and gain all the benefits of more accurate data.
The sense of trust and control people will have over their personal data is prerequisite to
opening up and sharing all sorts of valuable new data to mutual benefit.
This shift in control will cause apprehenion. Direct marketers are petrified of allowing
customers to opt out. But some are starting to realise the scale of the opportunities when
customers have the ability to opt back in to specific services and on an entirely
permissioned basis. It also means customers can take the same shopping cart anywhere
on the net, integrate and mash up their buying data and start to explore future intentions
safely. It removes the “big brother” overtones of centralised databases because it is
explicitly and 100% permissioned by the user. It guarantees consent and builds legitimacy.
SLIDE: LOUVRE PYARMID
To return to our metaphor, it’s as if our org-centric dark, primitive burial ground for personal
data is joined and suffused by a far larger pyramid of light.
It brings into our social and economic electronic transactions a range of new sorts of
information – intentions, real preferences, the full richness and detail of life which only we
know in all our diversity and unpredictability. Take the woman who wants to get married
next year, move house, buy a car and go on holiday in her married name but at the same
time to be known by her maiden name professionally. To her this is common sense. For
dozens of disconnected CRM systems it’s a logistical nightmare.
SLIDE – CTRL-SHIFT SCHEMATIC
When you put the two together – and the logic here is AND, not OR – structured, scalable,
volunteered and permissioned personal information can flow both ways to the huge benefit
of all parties.
In the next decade Ctrl-Shift’s research forecasts the successful introduction of
volunteered personal information based on the person-centric model will bring a explosion
of value when combined, especially in online services, with the existing organisation-
CTRL-SHIFT MARKET SIZE SLIDE
The full range and scale of volunteered personal information will be an order of magnitude
more valuable than the volunteered data which creates the core of Google’s value today.
We should not see this as a rehashed “public versus private” debate. It’s not about simply
dropping NHS health records for Google health records or Microsoft health records.
It’s about the individual as logical point of integration for their own personal data, as the
person best placed to define and invoke the personalised services they need and to which,
with outside help, they can prove they are entitled.
Think about the mathematics of it. Data volumes around a person are growing
exponentially. Running to keep up with that just leaves the organisation further and further
behind. The ONLY way through that is to adopt a new model which puts the individual at
The individual will of course need new tools. As well as new software, they’ll need new
terms & conditions, data standards, and institutional help.
The first step is for institutions such as government to follow the lead of social networks
and start to accept external third-party IDs. The US administration announced such a
move in September. Last week the US National Institute for Health demonstrated it live for
the first time.
Already a dozen companies including AOL, Google, eBay’s PayPal, Verisign, Equifax
Axciom and Yahoo are queuing up to offer such services. The suppliers are here already.
If organisations want the win-win; if they want the truly valuable data feeds, they’ll need to
examine their readiness for volunteered personal information. They will have to relinquish
their attempts to control personal data. Ctrl-Shift’s research suggests the winners will be
ROLE OF INDIVIDUALS IN PUBLIC SERVICES
To conclude: what does this mean for the role of individuals in the provision of public
The attempt to recast people as customers of public services was intended to be helpful
but has limits. It’s not simply that often there isn’t real choice. The Archbishop of
Canterbury pointed out long ago that education, health or a safe society aren’t things
public servants do to us or sell to us. We choose how to behave on the streets, how hard
to study, what to eat, whether to drink and smoke and what sort of exercise to take. That’s
the sense in which Rowan Williams tried to speak of us as “agents” in our health and
We see this kind of active participation in the emergence of “participative medicine” or co-
managed care, and in the co-creation of new health services by exemplary service
designers such as thinkpublic. Tessa Jowell spoke yesterday about the role of co-
operatives in public services, Nesta published work yesterday on the co-construction of
outcomes, and Smarter Government and the new NHS white paper echo such themes.
The addition of a person-centric model for personal data and identity management
– personal responsibility
– cost-effective and accurate personalisation
– the permissioned sharing of data for research and statistical purposes
– demand modelling and forecasting
– crowdsourced reputation management for individuals and service providers
– privacy, dignity and human rights
It’s a powerful set of benefits in the context of today’s public services. So: where do we
start when you come back to the office on 5 Jan?
If your work is in education, make sure you understand the implications of a personal
portable education record. Nesta has done three stages of work on this already, including
an exploratory RFI to have such a service supplied.
If you work in health, you’ll need the same for a personal portable health record. Exactly
where is this market today? How would a PPHR help us save £20-30bn from the NHS
budget? What is its relationship with participatory medicine or co-managed care, lean
health services, preventive medicine, self help, self service and medical research?
If you work with customers’ personal data generally make sure you have a roadmap of the
rise of volunteered personal information and how it will unfold. If VPI creates the value of
ten Googles within a decade, that’s a lot of displacement and a lot of opportunity. Make
sure your organisation is ready.
If you’re planning to invest in a CRM system, or if you supply them, you will want them to
be (in the Harvard jargon) VRM-enabled.
If you’re committed to delivering personalisation, make sure your plans draw on the
potential of the person-centric model to let your customers help you. Ctrl-Shift’s first large-
scale study on this for a UK public-sector client suggests five-fold savings for the public
sector from a personalisation strategy based on the person-centric model of VPI, along
with vast savings in time for the customers.
Perhaps someone in this audience will participate the UK’s first live person-centric data
If that turns out to be the case, I’ll be doubly delighted to have been asked to speak to you