Sense and Non-Sense of a Personal Information Security Standard


Ulrich Atz · Open Data Institute

@statshero

You can access the slides at

http://theodi.github.io/presentations/personal-information.


ODI Creative Commons

"Tracking an individual is a lot like tracking a company."

Can we learn something from the business world?

The Problem

What guidelines do you use for your personal data?

It's on the internet!


Streisand Effect

Value?

OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value”, OECD Digital Economy Papers, No. 220.

Address: $0.5
Birth date: $2
Social security number: $8
Employment history: $13
Unpublished phone number: $10-17
Military record: $35

The Problem

Should we actively manage our personal data?

Different types

ODI

Most common?

DADC – Perhaps with a public-private model

The Solution

ISO/IEC 27001
Information Security Standard

Is not the solution

What are the benefits of ISO/IEC 27001?

  • Identify risks and put controls in place
  • Flexibility to adapt controls to areas of your business
  • Gain stakeholder trust that their data is protected
  • Et cetera bla bla

Inspirations?

Labels

"Tidying up"

Understanding

The Problem


What guidelines do you use for your personal data?


Alternative: What is the problem?


Or: Can it be codified?

Ulrich Atz, Stuart Harrison, Tom Heath, Sam Pikesley, James Smith, Jeni Tennison

Open Data Institute Tech Team
@ukoditech
info@theodi.org


http://theodi.github.io/presentations