The last few days have been spent talking about data breaches. First the Carphone Warehouse breach with BBC Breakfast (the comments from which were then cribbed for a few hundred articles online, including the BBC). Then the Big Brother Watch report about breaches from local councils (usually of a much smaller magnitude, albeit still serious).
The question I kept being asked is an obvious one: what can we do to prevent breaches?
I gave a fairly slippery answer most of the time: make a value judgement about what you share, etc etc etc. Because the real answer is somewhat beyond the scope of a four minute TV or radio interview.
Put simply, I can’t see that we will ever be able to secure large stores of personal data in single, centralised repositories. The rewards for attacking them are just so great, and the potential gaps in any security so numerous, that those trying to protect them will always be fighting a losing battle. We can keep most of the data secure most of the time, but somehow, someone will always find a way into even the most diligently protected databases. Just look at the recent research reports into hacking air-gapped computers. Or see what creative minds like Samy Kamkar can come up with.
So what’s the alternative?
Right now, there isn’t one. We store data in these big central repositories because that’s how we have to store it in order for it to be usable. Why did Carphone Warehouse have 2.4 million people’s records in one big database? Because every week it is calling, mailing, emailing and billing those people. Storing that data in any other fashion would make this difficult and inefficient.
But what if they didn’t have to store any personal data at all?
Imagine you want to start a billing relationship with a company. Rather than handing over loads of information about yourself, you simply issue a token to them. This token gives them the right to bill you but carries no information about who you are. It can be revoked at any time if it is compromised.
The billing instruction is carried back to you in a similarly unidentifiable tokenised fashion.
This doesn’t stop your identity data being stolen but it does eliminate the giant pots of personal data that are so attractive to hackers, and so damaging if compromised. You can change a token. It’s rather harder to change your name.
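As an added illustration of the tokenised relationship sketched above (example code written for this page, not code from the original post or from any company it mentions), the toy below separates a customer-side "vault" that holds real identity data from a merchant that stores only an opaque, revocable token. The class names `TokenVault`, `Merchant` and `Customer`, the per-merchant spending limit, and the sample customer record are all assumptions made for the illustration; the point it shows is that a dump of the merchant's store contains no identity data, and that revoking the token stops billing without the customer having to change anything about themselves.

```python
"""
Added example (not from the original post): a toy tokenised billing
relationship. The vault holds the real identity; the merchant holds only
an opaque, revocable billing token. Names such as TokenVault, Merchant,
Customer and the spending limit are assumptions made for this illustration.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Customer:  # constructed sample record; it lives only in the vault
    name: str
    email: str
    account: str


@dataclass
class TokenVault:
    """Trusted store mapping opaque tokens to identity data and a billing scope."""
    customers: dict = field(default_factory=dict)   # customer_id -> Customer
    tokens: dict = field(default_factory=dict)      # sha256(token) -> grant

    def add_customer(self, customer_id, customer):
        self.customers[customer_id] = customer

    def issue_token(self, customer_id, merchant, max_amount):
        """Issue a random token scoped to one merchant and a spending limit.
        Only the token's hash is stored, so a copy of the vault's token table
        cannot be replayed as live tokens."""
        token = secrets.token_urlsafe(32)
        self.tokens[self._h(token)] = {
            "customer_id": customer_id, "merchant": merchant,
            "max_amount": max_amount, "revoked": False,
        }
        return token

    def revoke(self, token):
        """Customer-initiated revocation; returns False for an unknown token."""
        grant = self.tokens.get(self._h(token))
        if grant is None:
            return False
        grant["revoked"] = True
        return True

    def bill(self, token, merchant, amount):
        """Resolve a billing request. The instruction sent back carries an
        opaque reference and the amount, never the customer's identity."""
        grant = self.tokens.get(self._h(token))
        if grant is None or grant["revoked"] or grant["merchant"] != merchant:
            return {"status": "rejected", "reason": "unknown, revoked or wrong-merchant token"}
        if amount > grant["max_amount"]:
            return {"status": "rejected", "reason": "over limit"}
        # The real account would be debited here; the merchant only ever
        # sees the opaque reference below.
        _account = self.customers[grant["customer_id"]].account
        return {"status": "ok", "reference": secrets.token_hex(8), "amount": amount}

    @staticmethod
    def _h(token):
        return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Merchant:
    """Holds nothing but tokens: no name, e-mail address or account number."""
    name: str
    vault: TokenVault
    ledger: dict = field(default_factory=dict)  # internal subscriber id -> token

    def enrol(self, internal_id, token):
        self.ledger[internal_id] = token

    def charge(self, internal_id, amount):
        return self.vault.bill(self.ledger[internal_id], self.name, amount)

    def stored_data(self):
        """Everything an attacker would obtain from the merchant's database."""
        return list(self.ledger.values())


def demo():
    vault = TokenVault()
    alice = Customer("Alice Example", "alice@example.invalid", "ACCT-0001")  # constructed
    vault.add_customer("cust-1", alice)
    shop = Merchant("Example Phones Ltd", vault)  # constructed merchant name
    token = vault.issue_token("cust-1", shop.name, max_amount=50)
    shop.enrol("subscriber-42", token)

    first = shop.charge("subscriber-42", 30)     # within scope: accepted
    too_big = shop.charge("subscriber-42", 80)   # over the limit: rejected
    vault.revoke(token)                          # customer revokes the token
    after = shop.charge("subscriber-42", 30)     # revoked: rejected
    # The merchant's store never held any of Alice's identity data.
    leaked = " ".join(shop.stored_data())
    no_pii = all(s not in leaked for s in (alice.name, alice.email, alice.account))
    return first["status"], too_big["status"], after["status"], no_pii


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints `('ok', 'rejected', 'rejected', True)`. The vault is of course the new concentration of risk, which is the post's own point: the problems move rather than vanish, but a stolen token can be replaced, while the merchant's database stops being worth stealing.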
Of course this approach is riddled with problems. How does a company build a relationship with a token? How does it verify identity, or conduct credit checks? There are many more questions.
Answering them all would mean a very serious restructuring of our relationships with large organisations. However much they may talk about being ‘customer centric’, every large organisation operates with itself at the centre and the customers at the edge. Truly putting customers (or citizens, in the case of the public sector) at the heart of the organisation requires a fundamental change in thinking and behaviour.
My Stratification framework is one way to approach this, proposing as it does a visualisation of the organisation as a series of layers, with a unified and consistent ‘communications’ layer between the organisation’s processes and the customer.
But structure and strategy can only take you so far. Companies and their leaders must want to change. And there may be many more data breaches before that starts to seem appealing.