The biggest requests I hear for sharing personal data are deduplication, referrals, and connections with financial service providers (FSPs). The relationship with FSPs should be governed by a contract which includes a section on data management. This should at minimum stipulate data required, data structure, encryption method, and when the data will be deleted.
The other two are more complex and require a data sharing agreement. Both can be tech agnostic, but stipulate the data protection, privacy, and security tests are done of any tech being used. And no, tech is not technically required (it just makes it a 1000 times easier).
While the process for deduplication is different than referrals, we need to consider similar things – purpose, legalities, standards & models (what data, data structure, point people, etc.), access levels, risk, and so on). Deduplication is rarely a one-off event, referrals almost always are. And while deduplication is relatively ‘easy’ to systematise, the key to referrals is knowing who (which organisation AND which person within the organisation) to refer a person to.
And yet, all three – deduplication, referrals, and FSPs – require trust and awareness as a foundation. So I wonder why we spend so little time building trust and awareness and instead spend most of our resources on systems?
Perhaps it’s time to remind ourselves we are dealing with humans not datasets.