ntouk.com - Jerry Fishenden's technology policy blog

It's a long time since I first spoke and wrote about VRM (Vendor Relationship Management), particularly the idea that it could be a key way of delivering truly citizen-centric public services. Enabling people to take control of their own data is critical if we aren't to see a complete meltdown in the way our personal information is acquired and used. VRM of course aims to make such user control not only possible, but the prevailing model.

The underlying problem (as exhibited in many Customer Relationship Management, or CRM, systems) is that the current model is flawed. It is not organisations that should be progressively acquiring and storing large amounts of our personal data: as Sir James Crosby commented, "it's our data nobody else's". So whatever happened to the idea of data minimisation and minimal retention periods? Until technology systems reflect the reality of user control over their own data I see little prospect of improving the situation. The current model needs inverting, placing the user at the centre of design, not the provider.

Judging by the number of other people now picking up on the idea of VRM, clearly the concept is finally becoming more mainstream. It's a useful illumination of the timelag between niche innovation and general acceptance. But few people seem to be addressing the practicality of how we enable a transition from the current governance, architecture and procurement (GAP) models to one that would facilitate truly citizen-centric thinking. Without addressing this practical problem, VRM will remain a nice idea on the sidelines.

So I've been trying to address some of these issues in my various eclectic discussions and outreach. One strand of this outreach has been about how we can make improvements to the way that technologists engage with policymakers, so that public policymaking can be genuinely informed about the options now available and emergent (rather than the centre basing its thinking on a world that has already started to pass). And another is how we can actively enable an effective, sustainable marketplace in VRM (and cloud-service providers in general) that can facilitate the transition to the new model and away from the current broken one. After all, nice ideas without a practical delivery mechanism are of little use to anyone. Technology, technology policy and strategy all need to be backed-up by viable implementation plans.

Recently we've seen the likes of Microsoft Healthvault and Google Health emerging, which provide user control over personal data access in a particular area of our lives. Mydex is another more recent UK-originated example, which enables individuals to choose what information to share, and which organisations to share it with. Mydex I find interesting as it aims not only to tackle the problem in an open, inclusive way, but is also a Community Interest Company (CIC), supported by the Young Foundation. As it states on its site:

Mydex provides tools, technology and services to help you manage your personal data better, and share it with organisations in ways you feel comfortable with. Mydex's tools let you choose which organisations you give information to, and what you share: as little or as much as you want.

Of course, some personal data such as your name and address are more or less in the public domain, on the electoral roll which anybody can inspect. And you reveal more data when you transact or buy something. Mydex's real value lies in the data that only you know and can choose to share: your real preferences and intentions.

Mydex is also taking the lessons of the likes of InfoCards and Stefan Brands' work on minimal disclosure tokens. In doing so, it provides a practical illustration of how to begin the transition that many of us have been working towards for years, and in a best practice way.

Which is why I'll be keeping a very close eye on Mydex and similar developments. The technology is here but what we currently lack is the recognition that we now need to start changing the wider governance, architecture and procurement models so that we can take advantage of a much better designed technological approach to a problem that touches us all. An approach that helps deliver the much-spoken about citizen-centric model in a meaningful way, rather than leaving it just as a tagline.

Technorati tags VRM innovation technology policy Mydex Healthvault cloud computing software + services