Graham's Blog

I attended the European Leadership Forum 2007 by BusinessWeek at Claridges yesterday.
There were a number of interesting Keynotes and topics including Jim Murphy, minister for Europe, extolling the virtues of commitment to Europe until someone asked him why, in that case, the UK hadn't adopted the Euro, at which point it sort of fell apart. Lord Browne is always worth listening to, and Edward de Bono used an antique OHP to explain the future of 'thinking' which was fascinating and entertaining.
The Lunch Discussion, hosted and sponsored by Burson-Marsteller, emphasised the 'value' of reputation. This, given the recent HMRC debacle exposing 25 million UK citizens on the Child Benefits Agency database to risk of identity fraud, was extremely timely. Undoubtedly the reputation of UK Government has again suffered despite the mea culpa groveling but, according to the press reports that I have seen, there has been little or no recognition of the potential reputational damage and considerable inconvenience that the 25 million individuals could suffer above and beyond financial loss at their bank. HMRC lost similar 'sensitive data' pertaining to 15,000 Standard Life customers in September and, in October, a laptop containing 2,000 individuals ISA data was just one of 41 such 'thefts' in the last year according to The Times yesterday.
I accept that we all make mistakes and, hopefully, learn by them. The government seem to make the same mistake over and over again. Surely Data Breach Notification, as requested by Richard Thomas the Information Commissioner, would be a good first step.
A number of delegates asked me if this could have happened if the government had been using the PAOGA architecture. Simply, No! We have always maintained that 'sensitive data' should be separate from 'application data' so that the NAO request for aggregated data 'without sensitive data' would not have been met with the HMRC response 'too expensive to do'. Indeed, the resulting data set would have no value if lost or stolen and would contain no risk to the 25 million individuals as each record would be unattributable.
So, how do you think that citizens will respond to the National Identity Register or the National Patient Records database now?
Private companies, who have also 'lost' vast amounts of sensitive data, are just beginning to realise the implications and potential consequences of being cavalier with their customers sensitive information and, given the growing influence of social networks and bloggers that were illustrated by Burson-Marsteller, recognise that things have to change. A customer can and do walk away from a supplier they don't trust but it is more difficult for a citizen to walk away from a government they don't trust or a patient from the NHS.
VRM (Vendor Relationship Management) provides individuals with the tools to manage and share relevant information 'under their control, with their consent, for their benefit' as an alternative to CRM which is, by definition, enterprise-centric.