If you can’t remember to whom you told what; how could you possibly know who to inform if an earlier fact you reported needs to be revised?
When organizations transfer information between systems, they sometimes fail to retain the details about which records were transferred where and when.
What happens today in many systems, especially batch-oriented data transfers, is this: a selection process (e.g., males over 40 with account balances under $20,000) is run against a system of record. This process produces a specific number of output records. These output records are then transferred to the intended recipient. The original data holder, for billing purposes, often retains a record of the selection criteria used, date/time, quantity of records transferred, recipient of the data, etc. Notably, the original data holder does not record exactly which records were transferred.
Unlike Source Attribution which has more to do with the recipient of shared information retaining the pedigree/attribution of the information received, out-bound record-level accountability refers to the detailed logs of what records were sent to whom, when, etc., as maintained by the originating party.
Without out-bound record-level accountability … ensuring data currency across information sharing ecosystems can be problematic. The challenge being when a record changes in the originating system, how will one be certain which recipients of the original record need to be notified?
What’s the fuss?
What if a consumer says to his service provider, please stop using my data for bulk mailings AND anywhere you may have sent my data … either get it back or at least notify them of my wishes? Good luck! Many organizations have no way to account for which records they have transferred to whom.
While out-bound record level accountability is generally a good thing, not every mission will warrant the cost. On the other hand, some missions really should have this degree of accountability. In healthcare systems, for example, if a correction is made to a patient’s known allergies, any earlier dissemination of allergy data should trigger an immediate re-broadcast of the corrected values.
Systems engaged in transferring personally identifiable information (PII) as well as financial systems and surveillance systems are also great candidates for out-bound record-level accountability.
Without well-synchronized data … count on lots of poor outcomes as smart systems are not going to be so smart.
[BTW: One example of out-bound record-level accountability is how the US credit bureaus track inquiries on your credit report. Thanks to the Fair Credit Reporting Act (FCRA), this type of accountability makes it possible for consumers to enjoy transparency as to who has accessed their credit report.]
RELATED POSTS:
Hi Jeff you might want to check out the work that these guys have done (Assuming you are not already familiar with their work).
https://www.prime-project.eu/
These problems have to be solved in order to adequately comply with European data privacy legaslation
regards
Al
Posted by: Al | January 25, 2008 at 04:01 AM