Political Innovation no6: Citizen-control of personal information

This is a cross-post by William Heath – originally posted on the Political Innovation site here.

If the big political innovation of the moment is to give power back to people, then a good place to do it is with personal data.

Whose data is it anyway? Whose health, whose education, whose identity, whose shopping history, bank details, travel plans, creditworthiness? Yet all these personal details, which affect us, are stored on hundreds of state and private-sector databases.

If I said there were 50bn personal records for the UK’s 50m people no-one would know to contradict me, and whether in truth there were more or fewer.

What we can all agree is that it’s a major, right old pain for the individual to update every single organisation we deal with each time our circumstances change, when we move house or just lose our wallet. People’s attitudes towards what happens with their personal data lies somewhere between depressed and in denial. Many undervalue their personal data. Most behave irrationally about it, and inconsistently.

It wastes untold amounts of money, public and private and a huge amount of our time. It’s a logistical mess. It’s an affront to human dignity as well as business efficiency.

The political response is pretty easy. Stop assuming that large central databases will solve health, education, obesity. Stop assuming that only the organisation has the ability or the right to store, manage and transmit personal data. The cancellation of the National ID Scheme and of the ContactPoint databse is a good start. Note to Chris Huhne: commissioning a centralised smart-metering system at this moment would be a folly. There’s a different, much better way to do it.

The US Veterans health administration (a bigger health service than our own NHS) shows an alternative way. President Obama recently unveiled a “blue Button” for vets. It’s marked “Download my data”. The patient self-identifies online, then downloads their electronic health record in structured format. Let’s have those buttons for the health record, for education, for jobseekers as well as from banks, supermarkets and credit bureaux.

The missing element is the secure personal data store, under the control of the individual. The are various options for his, but the one we’ve been working on at the Young Foundation is called Mydex. It’s a social enterprise – a Community Interest Company – designed to help individuals realise the value of their own personal data. Live service starts next month. It will show that when individuals store and manage their data, with external verification of their claims, they can, if they so choose, help organisations towards cleaner, more accurate records.

The logistics are self-evident: individuals know their own data better. They know things about themselves no amount of CCTV or behavioural psychology will ever grasp. They are the single and only rational point of integration for their own lives. One plank of a Big Society (as Geoff Mulgan argues in his new essay Investing in Social Growth) is restoring right and control over personal data. It’ll save money, restore efficiency to processes cripples by bad data logistics, and create immense new wealth.

About Political Innovation

We’d be very interested to hear any ideas that you have for an essay of your own –we’ll need an email and we’ll want to discuss it with you before it goes on the site. All contributions will be archived on www.politicalinnovation.org – along with details of what we’re looking for from essayists and a bunch of FAQs and a guide to how we hope the whole thing will play out.

I hope you’ll get involved in this as a commenter, participant or maybe even as an essayist. We will be organising free open events in Edinburgh and Belfast to workshop these ideas and you are welcome to come along. Make sure you don’t miss anything by joining our Google Group, subscribing to the blog RSS feed, getting each post emailed to you and, of course, following us on Twitter and Facebook.


  • fitzjameshorse1745

    “Databases which store our personal information” are a touchstone issue rather than a “real issue”.
    We are…and certainly I am……instinctively against these databases (and certainly against the ID card idea). If stopped on the street and asked if we are for or against “databases storing our personal information” (a perjorative term but Id feel the same about any neutrel term) we would tick the box that we are strongly or moderately against the idea.
    Depressingly the answer to the question will be stored in a database.

    So while we are against these databases in some vague but principled way, our very real actions suggests otherwise.
    Just how many people know my mothers maiden name…the name of my first pet…the name of my favourite football team……before they will even talk to me……..is not something about which I feel great. But on balance its harmless enough. And it allows me the chance to have fun with “cold callers”. “My date of birth……hmmmmm not sure….hold on while I look it up”.

    But of course there IS a difference between banks and private companies holding info on me and government departments.
    To be honest private companies bother me more.
    I dont know if its true or just an urban myth that supermarket loyalty cards are used to track a persons life thru their purchases. Ooops shes buying baby food…..lets send her a toy catalogue.
    Targetting marketing might actually be useful to us all as it (might) keep prices down. We do of course have some kinda control over information stored by private companies or banks.
    Perhaps we have none over our doctors or tax or police records.
    But we never did when the info was held in “paper form” and its actually a myth that “more” information is held in computers.
    Taking the doctors example. It strikes me as reasonable……indeed vital that a patient makes full disclosure of illnesses, surgeries and allergies. Sensible that its stored on computer. Might actually be safer there under password lock than held on paper files. The receptionist (and I m sure that 90% wouldnt dream of it) might be interested that a patient had an abortion or STD 25 years ago.
    Data Protection has actually made it less likely that information held goes on to computer. Notoriously DHSS Job Centres literally marked the (index) cards of claimants and job seekers as a code for other co-workers.
    A TV documentary as long ago as the 1970s showed that notations such as “OTB” (over the brush) or “X” (Troublemaker) appeared on index cards. Likewise “NB” on an employers card indicated that the Job Centre should not send black applicants.

    Obviously its all about Balance. But a lot of this lies in our own hands rather than being the responsibility of legislators. No real point in a tax cheat or benefit fraudster lament about surveillance or civil libertarians about the Big Brother society when they are happily updating their relationship status on Facebook. Indeed that looks an excellent source for establishing the maiden names of a lot of mothers.

  • Pigeon Toes

    “The US Veterans health administration (a bigger health service than our own NHS) shows an alternative way. President Obama recently unveiled a “blue Button” for vets. It’s marked “Download my data”. The patient self-identifies online, then downloads their electronic health record in structured format”

    Wondering if the US “loses” as many medical records of their servicemen and women involved in the Gulf War, as the UK?


  • joeCanuck

    The trouble with this good idea is that this particular cat got out the bag and has already run amok.
    We will never be able to get back control of our information already in the hands of marketeers and social websites.
    It sort of snuck up on us.

  • Two successful examples.

    The technical one is Estonia. Whenever someone in government looks at your personal records (linked to your ID card) it is recorded. You can go on-line and find out who looked at your data.

    The non-technical one is in Australia. When I had several appointments with different doctors and a hospital ultrasound, they gave me all their notes, and told me to take them with me to the next appointment.

  • Thx for comments.

    Joe – it’s true. But it’s not really a cat out of the bag (which has an independent life) – your personal data has more like a half life. It decays and decreases in accuracy as your circs change. Question is where will the reliable and accurate flow come from in future, and if its you what will orgs have to do to gain your consent to keeping the feed alive?

    Dave – that’s like the “red-book” for maternal data here. Works well; we need a digital version.

  • I’m not sure that this is true Joe. I don’t think that it will be be a quick fix and I think it would involve privacy legislation (that the EU would possibly be in favour of and that the US would oppose with every fibre of it’s lobbying industry) but the concept itself should be sellable. After all, current data protection rules require occassional renewals of the mandate to use data – presumably, the point at which your data could be exclusively managed by yourself *could* be as long as this renewal period.

  • fitzjameshorse1745

    Indeed it snuck up on US.
    But the Internet/Computer guys knew exactly what they were doing.
    The problem is that we give up too much info voluntarily, while passively accepting that computers and the comic book guys on keyboard are too powerful.
    That cat is indeed out of the bag. And can never be put back thru legislation because of the global nature of the Internet.

  • So the data protection act was a complete waste of time and entirely useless? And there is no difference between privacy levels in the EU and the US?

    And is the fat that we have lost control of the small bits of information (email address, mothers maiden name etc) about ourselves a reason to not bother doing anything where we maintain and control (and withdraw access to) comprehensive data about ourselves?

  • fitzjameshorse1745

    Mr Evans I am merely pointing out that Data Protection Act and its cousin Freedom of Information Act merely encourage Govt Depts etc to do something different to keep ahead of the posse.
    And I think I am right in saying that the public willingly give up too much information.

  • Alan Maskey


    I see the Old Bill have to learn this now. Is it all a virtual world now?

  • Greenflag

    I would like to see a law passed whereby I could legitimately sue any b*******d -corporate or individual who sends me unsolicited e-mails 😉


    On this topic I received an e-mail recently from a sluggerite for whom I have the greatest respect based on his/her contributions on slugger who wished to ‘befriend’ me on some third party site . This I don’t do .

    I trust the said individual is not upset that I did not accept the invitation-nothing personal -but the truth is I can barely keep up with Slugger at times and although I would like to have time to post on other sites I’ve visited like Nevin’s Nalil and Malcolm Redfellows or the late Horseman’s ‘Ulsters Doomed ‘ or quite a few others – I just don’t have the time 🙁

    Perhaps in a few years time if we /they are all still around and the blogworld is still there 😉

    On the general subject above as raised by Paul Evans – I believe that the issue of the control of private information needs to be seriously addressed . Out of time right now but I would be of a similar mind to Fitzjameshorse1745 above .