Andrew Hughes

CEO / Principal Analyst; ITIM Consulting Corp.
Andrew Hughes CISM CISSP is a digital identity strategist and international standards expert. He works with international associations and standards bodies as an independent analyst developing standards and related conformity assessment materials. He is a member of the Kantara Initiative and contributes to industry evolution by volunteering extensively at Kantara, W3C, ISO, ITU-T, Rebooting Web of Trust and Internet Identity Workshop. He serves as Chair of the Kantara Leadership Council, setting the work programme for this global consortium which advances innovation and standardization of trustworthy use of identity and personal data. He is deeply engaged in the ‘missing model’ of identity verification; data processing authorization and consent; and W3C Verifiable Credentials evolution. He has been Editor for several standards at OASIS and ITU-T and has launched and Chaired several work groups at industry consortia. Andrew is an active national expert on the Standards Canada delegation to ISO SC 27.

Andrew's Session


Friday, June 28
8:30 - 9:20 am
Cabinet
An Interoperable Personal Data Receipt Ecosystem in Practice
This LIVE DEMO shows six Kantara Initiative Working Group participants’ products interoperating to generate, store, present, and act on Personal Data Receipts. We have assembled a non-commercial Privacy Control Panel system and want to show it off to you! Today, online service providers get information from or about you so that they can provide services. New privacy and data protection regulations have been coming into effect, which increase the requirement for notice, transparency and accountability when your data is collected and processed. Service providers are required to keep records about their terms of service and your agreement. At their core, these regulations embody variations of the OECD basic principles of privacy protection which suggest the obligations of providers and the rights of the individual. There are very few tools available to the individual internet user to help them understand, manage and control their online information. This creates a power imbalance if one wants to go back later and exercise rights with respect to data – because you probably don’t remember who, what, where, when and how the service provider got your information. There’s a solution! Imagine if the service provider offered you a “Personal Data Receipt”. This receipt would include timestamps, the contents of the privacy notice you saw, what data was collected for what purposes, conditions like ‘delete-by-date’ instructions, and other useful facts. Just like a store checkout receipt, if there’s an issue later on or if you want to look back to see what you did last year, you can open up the receipt and take action. In 2018, Kantara Initiative published the “Consent Receipt Specification v1.1” which is an interoperable Personal Data Receipt specification tailored to a specific legal basis for processing. This demo shows real products in action working with these receipts.

Enter your details to receive email updates from Identiverse