Last week, I gave a talk at IDM 2009 entitled ‘Privacy and Data Minimisation with Improved Business Returns’. A bit of a mouthful and the result of title-decision-by-committee, but good subject matter!

The main message of the talk was that by focusing on flows of data (particularly, but not limited to identity data) and the user owning that data, you can improve security, your user/customer experience and drive improved financial returns. The slides for the talk with accompanying notes should hopefully be up on our website shortly.

The topic is one that’s gaining focus as organisations shift focus from using IAM solutions to manage risk/compliance and regulatory requirements to more intelligent, business-focused solutions. In discussions with clients, there’s an eagerness to bring IAM out of the ‘back room’ and integrate it more tightly with CRM and BI tools – but also to empower users.

This is seen in internet properties from Google and Yahoo (amongst others), giving the user the ability to share logins, contacts, location and other personal data. Whilst this is great for simplifying things for a user across a number of sites, the key is to empower the user to decide which data is shared, and where. Both in an enterprise context and on the internet, it becomes a challenge to present this to the user in a friendly way, highlighting which data is owned by the user and which by the ‘other party’ in each context. This challenge looks to be where my focus is going to be for the next few weeks, at least.