We can all dream of a privacy perfect world … and the good news is that there are some elements available today to drive this privacy journey. One of these elements is a digital consent certificate process and this is what it can do for us. It can drive:
- Information accountability: Every company (and government department) must account for all of the information that they collect and process. How? Well, every company should obtain a digital consent certificate for every record they hold – i.e. 100 employees = 100 digital certificates. This will enable a digital server-based quick audit on information and drive active information lifecycle management in every company.
- Processing accountability: Every company should audit the processing of information against agreed terms from the person. This means, if they did not opt-in to their big data processing, their data should not be added to that processing pool. Practically, a digital consent certificate contains the agreed processing and can thus be used to audit systems at a digital level, enabling volume of processing and repeatability (with compliance).
- Authorised information services: Our world needs information to function, and companies need quality information to provide services and protect their customers from fraud. Therefore, we need access to secure information and privacy demands only authorised access to information. Any company or Government that provides information services should demand a digital consent certificate and state, no consent = no service. This will elevate all services and ensure no data leakage, and no over-sharing.
We estimate the number of information records in the market is roughly 20 times the population, and this will only increase. Currently less than 0.1% of these records are properly managed through their lifecycles, verified, and have digital consent available. We also estimate that at least 15% of these records should be removed or redacted from the current stores.
Another concerning problem that we have is that we have companies and institutions providing information to 3rd parties without proper access control. We must be very clear regarding security and access management in this regard and note that registering and paying a fee, and using the correct encryption technology is NOT adequate access control! It does NOT address legal interest nor does it cover the agreed information. (Access based upon verifiable access rights must include the parties, the agreed to information fields and the allowable period. This is the only way to ensure privacy.) These institutions include our Governments, Credit Bureaus, Insurance Companies, and Financial institutions that are “legally” sharing information. The tend to over-share information without proper consent verification, incurring the risk (and without consequence at this stage).
The light at the end of this privacy-information tunnel is that all these institutions can positively contribute to a privacy-first economy by adopting digital consent certificates. By making sure only authorised access to information is allowed and that only agreed information is shared. They can be leaders in privacy-based information that protects people and their revenues.
What would such an approach do for our world?
- There will be no data brokers or aggregators as they do not have consent and no right to hold or process your information. They will not get consent certificates.
- There will be less fraud as companies will be able to gain access to better fraud preventing services and new information sources.
- Less identity theft, as consent certificates are created with the insight of the person. You can block transactions before they happen.
- Large organisations will give you back the power to decide about your information – i.e. Social media giants can be audited for the information they process, every day.
- New levels of integrity in information and less proof of information requirements. Consent certificates will add value to existing data and validation sources.
- New value-added services based upon assurance in information and access to the person.
- Regulators and privacy commissioners will be able to audit companies and their compliance very quickly. No hiding from digital tools running against your own records.
If you are interest and want to see our digital consent certificates in action, please contact us at firstname.lastname@example.org