Archive for June, 2010

Privacy By Design

Wednesday, June 23rd, 2010

HV Yesterday, we launched HealthVault in the UK, in some ways I think it is one of the most interesting (and perhaps, significant) products we’ve had for some time. 

Not just interesting and significant in the context of the product itself, but more because of the approach to privacy that has been taken throughout the development of the platform.

For the uninitiated, HealthVault is simply a cloud based application platform, that allows people to develop rich UI based applications that feed off an individual’s secure and private datastore (in this context for applications that focus on “wellness”). 

HealthVault is unique because it puts the individual in control of their health information, they have full visibility of what data is being consumed, by whom, which applications they use and more importantly, in every decision they make about which apps to use, or who to share their data with, the user is made explicitly aware of what data is required.

What is important in this approach is that the platform was developed using a series of key principles that were there when we started – we didn’t create the code and then “bolt” privacy on as so often happens.

Those principles were simply:

  1. The record you create is controlled by you.
  2. You decide what goes into your record.
  3. You decide who can see and use your information on a case-by-case basis.
  4. Your information cannot be used for commercial purposes unless you are explicitly asked you clearly tell us we may.

Privacy isn’t a binary problem, there is no single answer, but we can’t afford to ignore this key area, we need to listen to (and engage with) the experts – organisations like BigBrotherWatch, Privacy International, and NO2ID are excellent examples of people who are actively engaged in Privacy discussions across the board in an attempt to help us all do a better job of getting this right.

Sure, there’s more to it than this, but the point I’m trying to make is Privacy is going to be the “killer” topic in IT for the next few years (if you don’t believe me, ask Mark Zuckerberg ;-) )  Our collective success in addressing it properly will only come if we work together to understand the issues and build on the above principles to make it stick.