Posted on: Saturday 23rd of January 2010
Here’s a copy of the response I sent in, on behalf of Ctrl-Shift and of Mydex CIC, to Anne McGuire MP’s request for evidence about about the role of third sector organisations in personalisation. I copied it to HMG’s CIO John Suffolk who expressed an interest in the subject on his blog and to Martha Lane Fox because of the intersection with her vital work on digital inclusion
Third-sector role in personalisation of public services: note from Mydex CIC and Ctrl-Shift Ltd
The third sector has a crucial role to play in personalisation, so the answer to your question is an emphatic “yes”. But it may be a bigger, more fundamental, overarching and valuable role than is yet generally expected.
A common misunderstanding of personalisation is that it can be done effectively by organisations on behalf of, or for their customers. In reality, the best driver of personalisation is the person. Personalisation will best succeed when individuals are provided with the tools to make this possible. And the third sector will prove to be an important source for those tools and utilities, just as Mozilla and Ubuntu are already for software.
Mydex is a social enterprise, a Community Interest Company based in the Young Foundation, Bethnal Green. It has architected and shown working proof of concept of what is effectively a “personalisation utility”.
This comprises a rich and expandable personal data store under the user’s sole and unambiguous control, using structured personal data to emerging open standards.
It allows online authentication and verification from online services (so far to prove address, but this could be credit, qualifications, or entitlement eg to drive or work in the UK). It allows selective disclosure from the individual’s Mydex store to organisations such as potential employers, educational establishments, suppliers of a full range of goods and services, or public-service organisations.
A service such as Mydex (and there will be others, we know of several in development) allows the individual to record their end of all online dealings, to keep an enduring and verifiable record of their attributes, to transact in a structured “peer to peer” manner, and in due course to realise the value of their personal data.
This creates a win-win in dealings between individuals and organisations, and unleashes a new wave of economic benefit.
Ctrl-Shift provides research and advice to individuals in large organisations who can see this future and need evidence and guidance to make strategic plans for it.
It has researched the implications of such approaches to, for example, a Personal Portable Education Record, and for the personalisation of public services to businesses. Ctrl-Shift is happy to share this research with you subject to client consent, which is likely to be forthcoming.
It has researched the value created by the rise in volunteered personal information (see attached; the research is for sale on normal commercial terms). We are happy to talk through its implications for your enquiries.
What government can do
In our view Government needs to do very little, and probably at very little cost, to start making this work.
But it leads inevitably to a big cultural change which many parts of government may find hard (comparable, for example, to the change now under way with regard to use public data leading to the launch of data.gov.uk). It requires significant evolution in the “Transformational Government” IT strategy. Essentially it requires restoration of control and ownership of personal data to the data subject.
The government IT strategy needs to recognise that future access to online public services will be via third party digital identifiers (as the US already did in September 2009). This is probably a matter for Cabinet Office CIO team, endorsed by CESG.
The responsible departments (DoH and DCSF) need to announce that their central databases will provide APIs so individuals can access services using their own individual or third-party electronic health and education records, subject to conformance to data standards, and that individual or third-party records can be used throughout the public health and education systems.
DCLG needs similarly (with IDEA and local government groups such as Solace and Socitm) to set a lead that personal records will be the norm in dealing with local government. DWP will need to invite users to keep authoritative copies of their welfare records, and use them to correct and update their central data holdings.
This is not a “big bang”. There will no need to switch off “business as usual”. Rather, it’s first a change in mindset, then the deployment of some programming changes to add “application programme interfaces” to departmental systems so the organisation is able to receive structured personal data from the individual, on the individual’s terms.
If the conditions are right – it’s well designed, easy, free, and the process earns trust – the improved data, volunteered from individuals with independent verification where necessary, will start to flow. We foresee a gradual process of making it work well with early adopters before rolling it out. And even if adoption over time becomes near universal this form of personalisation will never suit more then 80-85% of the population. Distressed, elderly and chaotic clients will always need holistic hand-holding.
User-driven personal data stores such as Mydex should not be presented as a quick fix for the “digital divide” issue. Rather, it is one way of making it much easier for most people to transact with all manner of services. This includes those serving or acting with power of attorney, including remote power of attorney. Above all this allows people to personalise public services to their real needs and preferences.
DirectGov, the Gov Gateway and TellUsOnce services need to pilot a user-driven online identity, access and personalisation service which works for the individual not just across all public services but across the voluntary and private sectors as well. We believe there is some interest in doing this.
The clear implication and benefit of this approach is that it is the individual, not a range of public service organisations, who will do the joining up. Technically and socially we contend this is the only way personalisation is possible. We believe it’s demonstrably mathematically unfeasible to provide personsalised services to everyone by amassing central databases and joining them up. The problems of accuracy, intrusion are too great (and this in turn is problematic under European data protection and human rights law).
Personalisation driven by individuals using a service such as Mydex, on the other hand, brings accuracy, the vital forward-looking view, and auditable consent for any episode of data sharing. It will save significant amounts of money in data management, and vast amounts in due course because it provides a credible platform for self-service and much more targetted “just in time” public services.
Personally controlled digital records can for example be aggregated with permission by a trusted party. This would enable more holistic views to be taken of slices of life (e.g. my pension, my healthcare). Propositions and services built on top of this richer data are likely to lead to huge savings in some major expenditure areas such as the NHS, pension and education system.
Role of the third sector
The far-sighted tech companies now recognise and accept that personalisation must be done by the individual. They refer variously to “buyer-centric commerce”, “customer managed relationships” or (in the Harvard term) “vendor relationship management”.
Microsoft changed its course on this fundamentally eight years ago, dropping its centralised architecture Hailstorm, defining “seven laws of identity” and making key acquisitions to allow individuals to become the point of integration for the services they need. PayPal, Equifax, Axciom, Google and the social networking giants (who run systems far larger than any health welfare or education database in Whitehall) all recognise and want to control the market for individual’s personalisation.
But why should people submit all their most intimate personal information about every aspect of their lives to Google, Facebook, Paypal or Axciom any more than to DoH, DCSF or the Home Office? These companies are set up to provide different specific services in the interests of their shareholders. They do not act in the interest of the data subject any more than first-generation e-government policy does, and it will never be in their interests to. Google will always want your personal data, for its purposes not yours.
This is why we have identified the role of “identity foundation” or the utility which allows people to recognise the value of their personal data as a social enterprise. The cardinal requirement for this role is trust. A dedicated and asset-locked third-sector entity whose incentives are aligned as closely as possible with those of the individual data subjects has a particular contribution to make.
Both Mydex CIC and Ctrl-Shift Ltd are happy to provide examples, illustrations or evidence if you wish.