
Potential Essential Elements of a PDS for Humans and Businesses

Dazza Greenwood edited this page Jul 9, 2013 · 1 revision

The following is an initial draft of the elements of a definition and the characteristics pertaining to a PDS. This first draft has not been fully vetted or agreed by the MIT Human Dynamics Lab and is published on this Wiki merely to facilitate sharing and conversation.

There is no formal and widely agreed definition of a Personal Data Store at this time. Yet the phrase is catching on, many companies are offering PDS services, and research on the concept is advancing at a rapid rate. Definition #1 below is based primarily upon points of view expressed by proponents of Personal Data Stores as an important approach for solving privacy and access to personal data and advocating methods to respect the dominion of individual people over their own personal data. Definition #1 does not reflect hybrid or more moderate definitions that seek to use some of the capabilities of a PDS while blending with other more traditional capabilities that allow, for example, mere pointers to externally hosted and owned data sets at social networks or financial institutions. While valuable in their own right, these blended solutions make it more complex to arrive at a tight "base-case" definition of the term PDS as it is intended by those who are pioneering and advocating its value and adoption.

The second definition is a first attempt to highlight some of the differences when a PDS is used for a business (e.g., copies of business filings with government, business proprietary media, business records, etc.) and not for a person to store personal data about themselves (e.g., their medical records, their tax filings, their photos, their diaries, etc.). There appear to be many valuable use cases and possibilities for new value that can be achieved when a PDS is applied for use by a business, and at the same time, some assumptions no longer hold and require further refinement rather than direct linear application from a PDS used by or for a human being.

Also, please note that the term PDS when applied to a business was changed such that the "P" stands for "Protected" data and not "Personal" data. This is because, despite the technical legal point that corporations are deemed to be artificial "people", a business is not a human and it is useful to enable a distinction. It is certainly possible for a human user to have a "Protected" data store for a sole proprietorship under the definition below, and under more liberal or hybrid use cases a human user can use a Personal Data Store to house business records or a Protected Data Store to house PII or other personal records about themselves. These definitions are not meant to prevent or prohibit hybrids, but rather to offer a starting point for describing a clean and central anchor point reflecting the original intended meaning. Both the first and second definitions generally follow a parallel construction to facilitate discussion about what aspects may be the same and what aspects are or may be different.

  1. A Personal Data Store is intended for a) natural human users to b) maintain PII or other personal data c) that they are the subject of d) and that they own outright and for which they operate as the exclusive and authoritative source e) or for which they possess key rights over the local PDS copies including rights to exclude or authorize access by others or modify, rent, license, gift, sell or irreversibly encrypt part or all of the records.

However, for purposes of an account holder of a PDS who operates on behalf of a business rather than acting in their personal capacity and on their own behalf:

  2. A Protected Data Store is intended for a) one or more human agents b) and/or software-based trading or decision-making processes c) authorized by or acting on behalf of a business entity d) to maintain sensitive, secret, confidential, high value, mission critical or other data for which controls are intended to be applied e) about or related to that business entity f) and that the business entity owns outright and for which it operates as the exclusive and authoritative source g) or for which the business entity possesses and has validly delegated to the account holder or holders key rights over the local PDS copies including rights to exclude or authorize access by others or modify, rent, license, gift, sell or irreversibly encrypt part or all of the records.

Feedback and discussion around how the definitions and characteristics reflected above should be modified is solicited and welcome. There is no assumption that any particular wording is necessarily correct and there is every expectation that further input and dialog will improve the current definitions and potentially lead to better understanding and wording that transcends the assumptions underlying the current definitions.

Use of the GitHub issues and ticket management is invited. It may be that, as the definitions and essential elements gain more consensus, it will be appropriate to house a clean statement as a file with line numbers and revision features in a Human Dynamics Repo. Till then, this wiki is offered as a starting point.
