MCAF

This is a brief introduction to the Master Data Controller Access Framework or (MCAF) intended to develop a trust and transparency with the use of digital identity management.

Simply put, the MCAF is a rights based framework for developing digital identity architecture. A framework intended to bridge the gaps between the use of access rights and Notice infrastructure by the individual (A.K.A. The Data Subject) in order to develop trusted digital services and infrastructure.

The problem:

Today there is a lack of notice and transparency around the use of volunteered personal information that is becoming a bigger issue every day. As there is an onus on the individual to protect their own data, take responsibility for themselves, there is also a need for the tools to do this with.

This framework introduces the conceptual framework of the Master Data Controller to data protection and technical lexicons. In this way the MCAF bridges these gaps and provides a methodology to address the gap between consent and current notice policies. -(See MCAF CCTV Use Case for example)

Terms Definition
The Master Controller Access Framework

""Master:"" Refers to what is commonly know as the data subject,

""Controller:"" refers to the fact that the Master data provider is the person that is responsible for controlling the data that they share

Access: Refers to the physical ability for the individual to gain information regarding the circumstances, process, contracts, technical ramifications, and so on of the information that a person holds.

""Framework:"" Refers to the methods and infrastructure the master controller uses to access the information regarding how their personal information is going to be used, managed, controlled. As an individual in society is responsible for their own actions, responsible for their own security, and responsible to defend their own rights, it is critical that an individual has reasonable access to information regarding the circumstances, technology, and process that surround the use of their personal information, and in fact the information they share.

Introduction
Master Controller, distinctly refers to a hierarchical concept of responsibility, control and personal ownership in information rights, and more importantly, the natural rights an individual inherently have to control how they communicate.

Currently in law, the explicit requirement for institutions to provide notice to the Master Controller of information is unclear, not standarised and consists of ad-hoc standards. A great deal of existing regulation like the Data Protection Act (DPA) only covers the right for an individual to access information about themselves held by the organization. Although this does not include technical physical requirements of notice beyond just basic information of purpose, contact details, and who the information is shared with.

In fact, there are many little details that are not covered by data protection regulation, privacy laws and so on, which directly affect the security and responsibility of the Master Controller regarding the environment, context, and process of the existing (rights based) data gathering tools (e.g. Freedom Of Information Requests, Subject Access Requests)

The lack of rights based and user controlled infrastructure for the individual in society is becoming ever more apparent and critical as information sharing and technology advances.

Objectives
This framework is intended to develop the individuals infrastructure for engaging with institutions Developing individually driven access rights, making privacy visible, and providing a personal platform for control and commoditization of personal information.

Challenges: One of the major challenges to developing master controller access has been the issues of identity, both proving that you are the identity of the subject that requires access, but also safe guarding the rights of the individual when using rights. Up until recently this hasnt been solved. In 2010 new R&D in digital identity now makes this framework possible.

Draft Benefits Of This Effort
* The MCAF provides an identity rights access framework for bridging gaps between security, privacy, the citizen and the community which obstruct current use of information rights. * The MCAF is a perspective typically represented by processes like the Freedom Of Information Request to government, Subject Access Requests to companies, compulsory notices (mandatory policies) that are comprised  of current industrial age 'data subject' information architecture. (like CCTV Signs,  Privacy Policies, Terms of Service Agreements, Acceptable Use Policies) * Functionally the MCAF contributes a framework perspective to facilitate appropriate digital identity infrastructure that provides appropriate and reciprocal transparency to the Master Data Controller. * The MCAF explicitly being a framework for 'individually driven rights based access' (IDRBA) to the infrastructure of data subject information.

* This framework, along with the infrastructure development it is meant to inspire trusted digital services development.

Clearly regulators alone will not solve all of the challenges faced today. This Framework is designed to bridge these legal gaps.

* What has in fact happened is principles, guidelines, and regulations for fair information practices are not adhered to in the collection and use of personal information. Even when these are developed into law, the infrastructure for their use is almost non existent, limited to opt-in/out check boxes, and appeals to toothless privacy commissioners. * The most functionally critical of rights, is the right of access, and control of ones own personal information. This right is the stalwart of autonomy, self-determination, and self motivation. An incredibly important right for community health and human development.

Use Cases
CCTV - The first MCAF use case is the application of this framework to address the use of Notice in Video Surveillance. * As a use case Identity Trust CIC has picked CCTV as a long standing issue in privacy, rights and user access. Representing online and off line issues. * This use case is intended to illustrate the need for greater transparency, notice, and user involvement for more advance and sensitive information sharing activities that are now emerging in main stream society.
 * This Use Case is also a very defined and practical use case that is a first step towards designing Master Control for individuals on the internet, dealing with Privacy Policies, and Terms Of Service.

Research
Check http://www.identitytrustcic.org