The security research team at Edinburgh Napier University continue their drive for innovation and enterprise with the publication of a new patent related to the modelling of trust and governance relationships for Information Sharing: http://www.google.com/patents/WO2014108678A1
The work has resulted in a spin-out company (Symphonic Trust) and involved many years of funded research and commercialisation. It adds another patent to the work around digital forensics:
which resulted in the Zonefox spin-out.
Big Data is becoming a key industry opportunity, especially as organisations need to quickly understand any changes in their markets and move quickly based on the four V’s of Big Data: Volume, Velocity, Variety, and Veracity.
Modelling the trust relationships which define how the data is exchanged between organisations and domains will allow safi.re to extend to the world’s largest organisations as they look to exploit the use of big data with customers, partners and regulators.
Recent reviews into tragedies such as Baby P and the Soham murders have identified the inability of public sector organisations to effectively share information to identify risks to citizens. This has resulted in a number of data sharing initiatives, all of which have been assigned UK government budgets, such as Troubled Families with £448m. In Scotland alone, the Scottish Government has assigned £120m to data sharing between health and social care specifically.
The spin-out company (Symphonic Trust) has continued this focus with a solution which will scale across multiple health, social care and other organisational boundaries.
The recent release of the Caldicott review by the UK government has raised the level of interest and demand for information sharing further, spelling out the requirement to deliver more integrated services through better data sharing and allowing citizen access to their own records.
The present disclosure relates to improved information sharing and in particular to formal representations of information sharing policies between organizations.
An organization comprises various agents with different roles, which are represented by a form of organizational structure which may for example define a hierarchy of roles. Agents of an organization would normally be individual people although an agent may be a group of people, a software daemon, or a robot for example.
Organizations hold various items of information for example relating to activities of the organization. For various reasons it is desirable for organizations to collaborate and share information. However, organizations will generally not wish to share the entire corpus of information that they hold with another organization because of concerns regarding confidentiality, commercial sensitivity or other policy considerations such as data protection and human rights. There is a tension between the need for efficient information sharing on the one hand versus respecting these obligations and restrictions on the other.
An example of two organizations that have a need for efficient information sharing but in which there are sensitivities regarding the sharing of information would be a police department and a child protection department of a local city council. There is clearly a need in some cases for the police to have information about children under care so that various criminal investigations can be conducted. However, there is also a need from the perspective of a child protection department to ensure that their clients' confidentiality is maintained and that sensitive information is not given out to members of the police force who are not authorised or permitted to access the information. On the one hand, failure to share information could have serious consequences for the wellbeing of children under care and the protection of society but on the other hand sharing too much information could represent a serious civil abuse of confidentiality.
Similar considerations may apply to the sharing of information between any two organizations, be they in the public or private sector.
At present, policies for information sharing are based upon ill-defined permissions and rely upon subjective judgements being made by the owners of information as to whether a requestor has the appropriate authority to access the information they are requesting. Another problem comes when an owner of information faces requests from multiple different organizations. To use the example mentioned above, a child protection department may face requests for information from a variety of different police forces. However, the different police forces which request the information may have different organizational structures and/or use different job titles and/or have different rules associated with similar job titles. This makes it difficult for an owner of information to judge whether a specific request for information should be accepted or not.