I recently found myself invited to an event at the former London home of Lord Kitchener, now the imposing home of the Institute for Government. The topic for the evening was volunteered personal information (VPI).
VPI’s ambition is to provide a better model for safeguarding personal data. The event was certainly well timed, coming as it did on top of recent comments from the Information Commissioner that 80 per cent of the population is concerned about protecting personal information online. Some private-sector firms like Amazon and eBay already let us directly maintain our own personal data, but VPI take things further.
Instead of every organisation building its own system to acquire, store and maintain our personal data, the objective of VPI is to let us store our own personal data in a secure place of our own choosing. Organisations could be granted access to the information when needed, but would no longer have the costs and risks of acquiring and maintaining it, and our personal information would no longer be duplicated across every single online organisation that we interact with.
The Institute’s briefing focused on a promising public sector prototype currently being developed between Brent Council and the community interest company Mydex.
But if it is to succeed on a bigger scale, VPI will require all of us to rethink our approach to information management and governance, something that will present a particularly challenging mindshift for government. Government has traditionally tried to position itself as the custodian of our personal data, procuring and building large centralised databases in multiple places to hold citizens’ information.
VPI, which places the citizen at the centre, seems far more logical in terms of information architecture, risk management, cost and compliance, particularly with relation to the obligations of the Data Protection Act. It also offers the potential to crack several long-standing problems – informed user consent, poor data quality and control over our own personal data.
The real test for VPI will be to move into the mainstream, a challenge that is as much cultural as it is technical. VPI will only truly deliver on its promise when we have our personal data under our own control. And if it can deliver that, there will at least be one less risk for us to worry about when trying to protect our online personal information.
Jerry Fishenden is a director of the Centre for Technology Policy Research