Iain Henderson (of Project VRM) and Drummond Reed (of The Information Card Foundation) in May gave a presentation called "The Personal Data Eco-System," a summary that has been posted on the Kantara Initiative Web site.
In a nutshell, they "…discussed the need for the concept of the personal data store, what it would do in practice, and what that will ultimately enable." Now the personal data store (or personal directory, see here and follow the links to earlier newsletters).
The duo postulate five datasets: "my data", "your data", their data", "everybody's data" and "our data". They're defined in terms of "buyers" and "sellers" because Project VRM (Vendor Relationship Management) is mostly about buying and selling, but with a bit of tweaking the definitions can stretch to all identity data and identity transactions.
My data -- the data that is only within the domain of an individual. Its defining characteristic is that it has demonstrably not been made available to any other party under a signed, binding agreement. Indeed, a general comment can be made that 'my data' equates to privacy in the context of personal data. Management of 'my data' can be run by the individual or outsourced to some management service.
Your data -- the data that is undeniably within the domain of an organization; either private, public. Proxy views of this data may exist elsewhere but are only that. This data would include, for example, the organization's own master records of their product/service range, pricing, costs, and sales outlets and channels.
Their data -- the data built/owned/sold by third-party data aggregators, e.g. credit bureaus and marketing data providers in all their forms. Its defining characteristic is that it is only available/accessible by buying/licensing it from the owner.
Everybody's data -- the public domain data, typically developed/run by large, public sector entities including local government (electoral roll), post offices (postal address files), mapping bureau (GIS) and so on. Typically this data is accessible under contract, but the barriers to accessing these contracts are set low -- although often not low enough that an individual can engage with them easily.
The sets of all these data then intersect in what Henderson & Reed call "our data":
Our data -- the data that is jointly accessible to all parties to an interaction, transaction or relationship. It is the data that is generated through engaging in interactions and transactions in and around a customer/supplier relationship. Despite being 'our' data, it is probably technically owned, or at least provided under terms of service designed by the seller/service provider.
This isn't quite the same as my Personal Directory hobbyhorse, but it's close enough (given it's emphasis on commercial transactions) that it's a topic that needs discussing again.
Upcoming Events from the IdM Journal Events calendar:
July 14 (Webinar) "Leveraging Your ITSM Platform to Address Regulatory Compliance"
July 22 (Webinar) "Externalizing Identity into the Cloud"
July 23 (Webinar) "A Real World Look at the Changing IT Security Landscape in 2009"