Dataswift Personal Data Account Management System (Technology Brief)
# Overview
The Dataswift Personal Data Account Management System is a technology stack
for organisations to give their people (be they customers or employees) the
ability to store, control, process, and share their own data through personal
data accounts.
The Dataswift technology stack sits on a regulatory framework with statutory
and operational oversight by the HAT Community Foundation. Above it is the
Market Model Enforcement that determines the relationships between Dataswift,
Individuals, and Enterprises large or small. Dataswift enforces the rules set
by the regulatory framework on what is or isn’t possible for the Exchange.
Supporting the functions to serve the individual customer/user is a set of
progressive layers of abstraction: a Personal Data Account-specific API; the
transaction and payments layer; the data storage layer (the Personal Data
Account, itself); and the foundational terms of service and service level
agreements.
Serving the needs of clients is a similar set of capabilities: an enterprise-
facing API to provide access to subsequent layers that mirror traditional data
architectures; a versatile collection of data manipulation tools that are
called by the APIs; a data access layer to unify interaction with distributed
PDAs; and the foundational terms of service and service level agreements.
In the center are a collection of capabilities that orchestrate, operate, and
unify Individual and Enterprise data exchange – and, ultimately, data conduct.
This includes a rating engine to govern the behavior of applications running
on the exchange, as well as market-making and contract generation and
settlement.
# Tools in the Dataswift Personal Data Account Management System
## Give Back Control
Provisioning Personal Data Accounts (PDAs) to individuals in real-time and on-
demand from within an organisation’s application.
### The First Party Contract
- Individuals explicitly agree to a first party read/write contract from any organisation that has been set up beforehand to be auto-generated on-demand within the organisation’s application.
- All first party contracts follow a standardised format, with a universal design and interface across all applications regardless of organisation. Applications are rated based on their data conduct, and individuals can see the rating before confirming the contract.
- Individuals must first confirm the contract if the organisation wishes to store their data in a namespace/folder within the individual’s PDA.
### The PDA Dashboard
- PDAs are legally owned by individuals who are able to see the data of all applications they interact with from their PDA Dashboard.
- The PDA Dashboard is the central point of interaction and control for individuals in relation to their data, enabling access controls, processing and manipulation.
- Individuals can bring in more of their own data into PDAs through plugins
- Individuals can enable new tools to create insights from their data that can be shareable
# Rebuild Relationships
Having direct data exchanges with individuals.
## Personal APIs
- These are the means by which organisations give and get data to/from customers directly.
- Data access occurs only in the context, duration, and purpose specified on the Personal API, enabling continuing relational engagement instead of transactional engagement.
- Flexible APIs allow organisations to create data combinations and bundles according to use cases.
- Tools installed in the PDA create insights from data that are shareable through APIs.
## Data Patterns and Policies
- Policies that enable optimal data orchestration where sensitive data can be stored by customers in their PDAs while other data can be used for analytics.
## Third Party Exchange Contracts
- Additional contracts for Third party write (eg to bring health data into PDA) and Third party read (to be able to access that health data) are available to be set up for PDAs between individuals and organisations.
- Contract maintenance and updates, together with clear details of the data attributes shared, the duration and purpose of use presented clearly to individuals on demand
- Joint access rights and control of namespaces/folders within the PDA can be enabled for solutions that require PDAs for employee or student records.
# Build on Better Foundations
Fully scalable Policy-driven data exchange.
## Dataswift HATDeX Platform
- Enables scalable, on-demand provisioning of PDAs
- Enables scaable, on-demand generation of contracts for approval by individuals with a standardised rating for assurance and certification clearly labeled for individuals
- Enables individuals to securely authenticate their own identity without a need for a third-party identity service
- Enables the authentication of identity-based on any data attribute preferred by the organisation, whether email, a unique ID or private keys securely stored in the PDA.
- Application management services for PDA special features, such as children PDAs or health data.
## Governance Services for Application Setup and Review
- Data conduct and orchestration assessment for application review for optimal centre-edge arrangement and adoption of best practices
- Review of obligations, enforceability, consumer right protection for the contract between organisation and individuals
- Review of data architecture design, lexicon, terminologies, and impact of design based on threats, privacy leaks and overall integrity
- Technical assessment based on API usage
- Impact assessment based on adherence to data source rules and other rules relating to specific constraints on the data (e.g. health)
Last updated: 4 years ago