Today the MIT Future of Data Initiative released a white paper on Technical Design Principles for Accountability and Traceability at the Financial Data Exchange (FDX) Spring Summit. Participants in the Initiative from academia and industry have come to the FDX conference to explore the privacy requirements of the rapidly evolving open banking ecosystem. The MIT Future of Data Initiative will bring computer science and public policy expertise to the personal financial data environment with the aim of enabling traceable and accountable processes that are conducive to the respectful handling of personal financial and transaction data.
Investigations conducted by the MIT Future of Data Initiative confirm that many organizations, large and small, are eager for new capabilities in their enterprise software environments that support privacy compliance, enhance accountability, and increase consumer transparency and control.
“A key aim of the Initiative,” explained Daniel J. Weitzner, MIT Senior Research Scientist and Faculty co-Director of the Future of Data Initiative, “is to design and build new technical architecture that makes it easier to handle personal data according to requirements set by modern privacy laws and expectations.”
Researchers in the Future of Data Initiative have set a goal of designing and deploying new approaches to respectful handling of personal data with the following:
• Traceable: data provenance — transparency over the source and lineage of data — is maintained for the benefit of consumers, companies, and possibly regulators.
• Granular consent: empower meaningful consent for data use in a granular fashion, such as allowing only certain uses of certain data elements and rejecting others.
• Agile: personal data can be used for analytic and operational purposes while retaining trust, transparency, and accountability.
• Scalable: personal data can be processed in an accountable fashion within and across enterprise boundaries as part of global ecosystems.
• Accountable: uses of personal data are controlled in a manner to enable monitoring of appropriate use as well as detection and consequences for misuse of data. Building on traceability solutions, we can make it possible for organizations to analyze and maintain indicators of data use to monitor compliance with internal policies, consumer consent, contractual obligations, and legal requirements.
One of many contexts where traceability and accountability is especially necessary is the expanding set of data-sharing applications pursued in financial services. An increasing number of consumer services are being developed such as rewards programs, credit assessments, personal financial planning, and payments facilitation where the new services are enabled through more open access to personal financial data. Understanding the full spectrum of movement and uses of shared data is an increasing concern of consumers, businesses, and regulators.
Bob Hedges, Chief Data Officer at Visa said, “Ultimately, traceability will be key to building trust in multi-party data sharing systems. As data sharing grows, it is our obligation to pursue future solutions that enable the traceability and control being demanded by consumers. Empowering consumers to manage how their data is used and where it flows will raise the standard of data-sharing transparency and increase the confidence of all data ecosystem participants. Our work with the MIT Future of Data Initiative is in pursuit of this most important strategic goal.”
“Customers should be able to choose how, when, with whom, and for what purpose they want to share their personal data,” says Mona Vernon, Head of Fidelity Labs. “Our work with the MIT Future of Data Initiative aims at researching and defining the technical patterns to support privacy protection, accountability and traceability of personal data.
While consumer data sharing is a key use case being explored by the Future of Data Initiative, the technology contributions from learning to build accountability and traceability here will inform architectural models that can be used in a variety of other settings, both with personal financial data and other sensitive data workflows.
Kevin Fitzpatrick, Head of Privacy, Data & AI Governance, MassMutual: This is important research that will establish strategies for handling personal financial data in many contexts. We’re excited by the lessons to be learned from open banking privacy architectures to help us continue to handle our customers data with respect.”
