Monday 21 May 2007

Computerised data of private information systems analysed

     It concerns states achieved. And what are these states? Breach notifications? Trigger breach notifications. Trigger breach notifications when there is a breach in the security of the system. What system is that? The system comprised by the computerised data that include private information.
     So there is a system that is defined by its content, and the content is computerised data of private information. Is that a valid definition? Can we describe a system in that manner? If we accept that as a definition in this case, it should hold for other systems too, including ones more concrete than this one.
     In addressing the concept of a system, we should think along the lines of agents, features of agents, conditions of their environment, their process space, and the simple rules that govern the agents' activity as they interact with each other and their environment. "Environment" might not be the correct term, though, and "process space" is more appropriate. My suspicion is that the content of that system, the computerised data, does not qualify it as a system, and as such we should accept it as a mere collection of entities and not a system.
     To qualify as a system it should have agents, features, conditions, a process space, simple rules and interactions, and through them evolve through the stages of chaos, with sensitive dependence on initial conditions and the development of emergent states, some of which will be selected. The selected states will multiply, reinforce themselves and become the norm: emergence and natural selection.
     Computerised data as such cannot be taken as possessing all these qualities; therefore they are simply a collection and not a system. There is a system, though, and the computerised data are the object it deals with. There are agents in such a system, and these are the individuals involved in handling the computerised data.
     And who are these agents? The person or business which conducts business in a state and which owns or licenses computerised data which includes private information. Private information is the object they deal with, and the nature of that object, namely private information, determines the rules of engagement, so to speak.
     Since the information is private, it should be kept secret from all apart from the person it deals with. Since the person-client cannot, or chooses not to, participate in the transactions the computerised data are used in, the person or business handles the data on the client's behalf, acting as a medium in a transaction between the person and the service or business the person transacts with.
     The private information should be kept secret from any other individual or business that is not involved in the transaction. The sole owner of the private information remains the individual its content refers to. No other person or business should have knowledge of the content of the data, not even the person or business that holds the data on the individual's behalf. They cannot own what is not theirs. They can own only that part of the data that is directly relevant to their own specific transactions with the person-client.
     The term computerised data can be easily translated into encrypted data. Therefore the person or business holds the private information in encrypted form at all times. It is released only when a transaction takes place and, more importantly, only the portion relevant to that transaction is released. Once the transaction is complete the information reverts to its encrypted form.
     The release can be effected via a code supplied by the client at the time of the transaction, programmed in software. Such a process will minimise, if not eliminate, the risk of private information being acquired by a person without valid authorisation.
     Therefore, to finish that deliberation here, the sole person that owns the private information is the person-client that the private information is about. The person or business keeps the computerised data, in encrypted form, on the person's behalf. It can only own the transaction-specific portion of that data, which is released only when the transaction takes place.
The simple rule of secrecy is fulfilled.
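
The scheme in the last three paragraphs, sketched as an added example (it is not code from the original post). It assumes the client's "code" is a passphrase from which one key per field is derived, and that the client hands the business only the keys for the fields a transaction needs; all function and field names are hypothetical, the sample record is constructed, and the HMAC-based cipher is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def master_key(client_code: str, salt: bytes) -> bytes:
    # Slow KDF over the client's code; the business stores only the salt.
    return hashlib.pbkdf2_hmac("sha256", client_code.encode(), salt, 200_000)

def field_key(master: bytes, field: str) -> bytes:
    # Independent key per field, so a grant can cover one field and no more.
    return _h(master, b"field:" + field.encode())

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(_h(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(fk: bytes, field: str, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC from HMAC-SHA256: a standard-library stand-in for an
    # AEAD such as AES-GCM, which a real deployment should use instead.
    ek, mk, nonce = _h(fk, b"enc"), _h(fk, b"mac"), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + _h(mk, field.encode() + b"\0" + nonce + ct)

def unseal(fk: bytes, field: str, blob: bytes) -> bytes:
    ek, mk = _h(fk, b"enc"), _h(fk, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(mk, field.encode() + b"\0" + nonce + ct)):
        raise ValueError("wrong key or tampered field: " + field)
    return bytes(c ^ k for c, k in zip(ct, _stream(ek, nonce, len(ct))))

def enroll(client_code: str, record: dict) -> dict:
    # Client side: every field is encrypted before the business stores it.
    salt = os.urandom(16)
    m = master_key(client_code, salt)
    return {"salt": salt,
            "fields": {f: seal(field_key(m, f), f, v.encode()) for f, v in record.items()}}

def grant(client_code: str, salt: bytes, needed: list) -> dict:
    # Client side, at transaction time: keys for the needed fields only.
    m = master_key(client_code, salt)
    return {f: field_key(m, f) for f in needed}

def release(stored: dict, keys: dict) -> dict:
    # Business side: decrypt in memory for this transaction; `stored` is untouched.
    return {f: unseal(k, f, stored["fields"][f]).decode() for f, k in keys.items()}

if __name__ == "__main__":
    stored = enroll("client-code", {"card": "0000-CONSTRUCTED", "address": "1 Example St"})
    print(release(stored, grant("client-code", stored["salt"], ["address"])))
```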
