Sense and Non-Sense of a Personal Information Security Standard

Ulrich Atz · Open Data Institute


You can access the slides at

Use arrows to navigate. Press 'f' for fullscreen. Press the Escape key to see all slides.

ODI Creative Commons

"Tracking an individual is a lot like tracking a company."

Can we learn something from the business world?

The Problem

What guidelines do you use for your personal data?

It's on the internet!

Streisand Effect


OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value”, OECD Digital Economy Papers, No. 220.

Address: $0.5
Birth date: $2
Social security number: $8
Employment history: $13
Unpublished phone number: $10-17
Military record: $35

The Problem

Should we actively manage our personal data?

Different types


Most common?

DADC – Perhaps with a public-private model

The Solution

ISO/IEC 27001
Information Security Standard

Is not the solution

What are the benefits of ISO/IEC 27001?

  • Identify risks and put controls in place
  • Flexibility to adapt controls to areas of your business
  • Gain stakeholder trust that their data is protected
  • Et cetera bla bla



"Tidying up"


The Problem

What guidelines do you use for your personal data?

Alternative: What is the problem?

Or: Can it be codified?

Ulrich Atz Stuart Harrison Tom Heath Sam Pikesley James Smith Jeni Tennison

Open Data Institute Tech Team