Recently, there have been significant developments in the field of personal information, such as the issue of collection and utilization of personal information by large corporations called platformers and the enforcement of the General Data Protection Rules (GDPR) by the EU. Amid this, new mechanisms such as information banks and personal management of information have emerged. We asked Mr. Takehisa Shibata of NRI Secure Technologies about the current status of personal information and required information security.

Personal Information Becoming Widely Used

Data has come to be considered to have great value with the progress of digitalization. Large corporations such as GAFA (Google, Amazon, Facebook, and Apple), who are called platformers, generate enormous profits by collecting huge amounts of consumer data and using it in their businesses. A typical example of this kind of data utilization is the system of analyzing a customer’s purchase history and displaying personalized advertisements based on it.

However, while this kind of data use is progressing, it is also possible that a user's personal data may be misused without his knowledge. The EU has been actively studying the protection of personal information. For example, it has enacted the GDPR, a law that emphasizes the importance of protecting personal information.

Information Banks that Benefit Both Individuals and Businesses

Against this backdrop, information banks have begun to attract attention. "Although data creates plenty of value, it is not easy to manage one’s own data properly," says Takehisa Shibata of NRI Secure. "Therefore, a system whereby companies manage and utilize data on behalf of individuals and return the resulting value to individuals is called the Information Bank."

If we think about protecting personal information in simple terms, we tend to arrive at the conclusion that information should not be provided to companies. However, it is also true that there are many convenient aspects to it, such as being able to receive personalized services in return for providing personal information. It may even result in financial benefits in some cases.

Shibata explains, “Protecting personal data requires knowledge of information security and state-of-the-art technologies, which we cannot expect from the general public. Moreover, when providing information, it will be necessary to determine whether the recipient is trustworthy, which is also difficult at a personal level. The information bank takes up the responsibility of such protection of data and determination of the credibility of the recipient, and thereby supports data use."

In Japan, the Personal Information Protection Law was revised in 2015, enabling companies to provide information on bank services. Shibata is assessing these developments as well as those of third parties.

How to Secure the Right to Control One’s Own Information

Following the use of data by platforms and information banks' support for protecting them, the third-party development that follows is individuals anticipating the use of some form of personal information and controlling information themselves. Tim Burners-Lee, one of the creators of the world wide web, is pursuing a project called “Solid” based on this idea.

In Solid, personal information is stored on clouds and servers and can be selectively provided to specified people. It thus allows individuals to easily manage their own data. It also assigns them the power to control their own data by choosing how much of it they would like to share and with whom depending upon their lifestyle.

Personal information trends of Pole 3

Shibata explains these developments as follows. "The reason why information banks and Solid are gaining attention is because of individuals’ awareness of their right to control their own information. Information banks are implementing this by providing individuals with a system that allows companies to set disclosure ranges for their personal information. On the other hand, in Solid, the basic assumption is that individuals themselves control their own personal information. These initiatives have long been debated among experts, but with the spread of digitalization, they have become familiar issues for all. Although we may arrive at a solution only several years from now, there is no doubt that these developments are noteworthy."
There are already several overseas examples of individuals controlling their own medical data.
"This is a service that mediates data between individuals and medical institutions. Individuals manage and control their medical data on a server and specify the acquaintances and medical institutions to which the content is to be provided. In return, they can obtain useful medical information about their health, while medical institutions can use the data in studying new therapies and other research. Thus, both individuals and medical institutions (information banks) benefit from data mediation through a reliable service."

As such, the increasing focus on data is certain to ensure that the handling of personal information by corporations is scrutinized more than ever before. Shibata points out that it is, therefore, important to establish a mechanism to ensure ethical and transparent use of data.
"If we clarify how we use personal data and deal with mishaps, people will be able to provide their personal data without any privacy concerns. Nomura Research Institute and NRI Secure have been supporting the construction and operation of an ID platform^* that integrates and manages customer information for more than 10 years. We will continue to strengthen our services related to digital identity and help create ways to utilize information that will improve customer value."

*ID platform for integrated management of customer information: Platform for centralized management of authentication processes such as user authentication and password management