SICAM: Privacy and the Golden Record
By Paul Laurent on Oct 27, 2011
. In my last entry I touched on the concept of Master Data Management (MDM) and “Golden Records” in a State Identity Credential Access Management (SICAM) framework. SICAM envisions using this rationalized version of identity data (with a unique pointer or identifier) to connect dots and gain useful vision into individuals’ many relationships with the State. That Golden Record or “single view of the individual” can then be used to increase efficiency, deliver new services, reduce waste, and enhance security. It’s that same power to connect, however, that prompts common questions about ensuring the privacy and security of Golden Records:
- Does a Golden Record or Unique ID compromise my privacy?
- Won’t it make an excellent target for fraudsters and identity thieves?
- What happens, who is liable, and how am I protected if my Golden Record is compromised?
Starting with the first question, around privacy, let’s address how the SICAM model answers these concerns.
Any thorough discussion about correlating stores of government data will, by necessity, prompt questions about privacy: “Why do I need a ‘unique identifier?’” “Why does the state need to know everything I’m doing?” “Isn’t this the beginning of ‘Big Brother’?” Quite to the contrary actually, the Golden Record that SICAM methodology prescribes is not a cache of new identity or activity information.. It is the product of applying data quality tools (MDM) to rationalize the different identity data a state has already been given by an individual. The Golden Record is a single, most accurate, narrowly crafted answer to the question, “Who are you?” (or more correctly, “Who did you say you were again?”) This record is only drawn from participating SICAM identity stores and it merely looks to net the most correct version of identity from often publicly available information.
The Golden Record doesn’t look to answer the question, “What have you been doing?” It doesn’t collect, mine, seek, or record any personal behavioral data. By SICAM design, there is no stockpile of sensitive identity data or attributes, merely a cross section of “phonebook” information weighted by factors like timeliness, source, completeness, and other pertinent factors indicating the correctness of the data. The Golden Record can be viewed as “authentication as a service” or “identity as a service” that tells you exactly who I am, but still leaves authorization and access to sensitive data and attributes in the hands of the individual departments. By design, in an ICAM architecture, the Golden Record should not contain any sensitive personal or regulated information.
In the next entry, we’ll tackle some of the most common security considerations around Golden Records.