Dealing with PII is a massive headache for the industry and it isn’t going to be solved by throwing bodies at the problem. What the industry needs to do is follow the lead of our customer, the Estonian Government. Regulatory problems can be solved with technology and KSI is the morphine for this headache.
How does KSI solve the problem?
Think of a KSI signature as a tag for electronic data that binds meta-data to the data in such a way that the meta-data cannot be manipulated, allowing any type of data to be tagged, tracked and located throughout its lifecycle.
By tagging data at source and including PII information as meta-data, along with policies (i.e. how consumers want their data to be used), that meta-data will remain for the life of that data no matter which organizational or service provider boundaries it has crossed.
Self Auditing Systems
The next step is to define business policies and ensure that those policies meet all compliance requirements. It then becomes possible to prove to regulators not only the what, when and where of PII information but also to have strong proof of process integrity – the system can audit itself by verifying that the rules are being followed and raising an alert when they are not.
Peter Guerra, a Principal at Booz Allen Hamilton, has come close to proposing an implementation with his firm’s concept of “data lakes”, a series of big data platforms that enable clients to inject any type of data and to secure access to individual elements of data inside the platform. KSI is the technology that can implement data lakes at the scale needed for modern advertising platforms.
There is a strong parallel in the military. When Top-Secret information is aggregated with Secret information, the aggregate pool takes on the characteristics of the highest security level in the pool (or lake, as Guerra would define it). If we replace Top-Secret with PII, then we can aggregate data across multiple silos and share that information with advertisers in such a way that there is strong independent proof for regulators that rules have been followed.
Proof not Transparency
“Transparency reports” remind us of Soviet production reports – a noble and worthwhile goal, but how can you trust the message if you can’t trust the messenger? What consumers and regulators need is proof that the message is accurate and rules are being complied with.
KSI achieves exactly that for the digital world – proof that lets regulators, auditors and consumers verify everything that happens to data, independently from those who are responsible for managing it.