A ThoughtPoint by Dr Barry Devlin, 9sight Consulting

June 2019

Sponsored by CortexAG

A German version of this article is available at Informatik Aktuell.

In a digital world, every piece of data serves multiple purposes for different people and organisations. In the third article of this series, we see how CoxtexDB addresses the new and difficult issues that arise when the same data has multiple owners.

ThoughtPoint 3 of a 5-part Series

Managing Data Securely

In the first article of this series, “CortexDB Reinvents the Database”, I mentioned one of the key initial drivers for the development of databases: the need to support multiple applications from a single data set. At that time—the Flower Power era of the 1960s—the multiple applications under consideration and, indeed, all the data they used belonged to the specific enterprises that built them. Data seldom if ever crossed enterprise boundaries. Data ownership, if considered at all, related to business departments within the enterprise.

Today, as digital transformation proceeds apace, these simplifying constraints are falling away. As data crosses and re-crosses enterprise boundaries, is gathered and reconstituted in shared-use systems, questions of data ownership and usage authorisation between different actors beyond the enterprise become more complex. Furthermore, with the enforcement of the European Union’s General Data Protection Regulation (GDPR), the privacy of personally identifiable information (PII) must be protected in all circumstances and specific rules determine how access to and use of such data must be controlled.

These issues pose specific challenges to the traditional approaches to storing and managing data in old-style database systems. And, just as a database solved the problem of sharing data between applications, an adaptive Information Context Management System (ICMS) such as CortexDB offers the solution to managing data and sharing information between different actors. The IT industry is only starting to understand and address the complexity that arises, but Germany’s CarPass system provides an excellent example of what needs to be and, indeed, can be done.

CarPass—a Digital Twin of your Vehicle

CarPass is a system currently rolling out in Germany and eventually across the EU, the goal of which is to create and store a complete digital record of any vehicle’s service history that is the property of the (current) owner but can be updated by repair workshops, dealers, and insurance companies, and eventually passed on the new car owner when the vehicle is sold. While the longer-term goal is to include all service and component information about the vehicle—thus creating the vehicle’s digital twin—the initial data being stored is the original information from the vendor, service history, mileage, number of owners and each changed/repaired part in the car since production. One initial business focus is to address mileage fraud that currently costs billions of Euro across the continent. In the longer term, the aim is to provide the current car owner with the right to view a complete history of the vehicle without compromising the privacy of previous owners.

At first glance, CarPass seems like a simple application: create a relational database and give car owners and relevant organisations appropriate access to it. The reality is far from simple.

Although the current data is restricted, the future scope envisages a wide range of data types, many of which will vary from vehicle to vehicle. The data is thus semi-structured, in a variety of types, and variable over time. Such characteristics suggest a document store rather than a relational database as the base technology to avoid problems such as schema change and null value proliferation. However, a traditional document store cannot address data privacy issues when all vehicle data associated with a known owner/vehicle combination resides in a single document/record. Some or all of this data has PII characteristics under the GDPR, as has been stated by federal data protection authority for Lower Saxony in Germany. In addition, authorisation to access or update different parts of the vehicle record must be assigned to and revoked from different parties over time. Even if this were technically feasible in a traditional document store, the administrative overhead of managing access in accordance with the GDPR would be enormous.

As an Information Context Management System (ICMS), CortexDB offers solutions to all these problems and delivers a highly performant system on which to deliver the CarPass application. As described in the second article of this series, “Making Data Agile for Digital Business”, all the data fields in the CortexDB document store are indexed in a 6NF structure that is created and maintained in parallel with the document store. Authorisation and access to the naked data records in the document store are managed through this index, allowing access to individual fields within documents/records to be granted and revoked. The vehicle owner, as current owner of the CarPass record for his/her vehicle, can, for example, grant write access for a new mileage field in the record to a workshop that performs the regular service on the vehicle, revoke it and grant it to another workshop as s/he sees fit. And when the vehicle is sold on to a new owner, the access rights to the CarPass record can be easily passed to the new owner.

It’s not just CarPass alone…

CarPass is but one example of a new class of information management applications where data ownership and responsibility for data creation and access is distributed among different actors. As different parties—both human and machine—create and access data across the entire Internet, issues of authorisation and protection of personal privacy are arising with increasing frequency. Addressing these issues requires the adoption of ICMSs such as CortexDB.

In the next article, I’ll look at another example of how the unique structure of CortexDB offers a new way to address another common problem for digital businesses: dealing with dirty data.

Links to other articles in the series:

Article 1: CortexDB Reinvents the Database – June 2019
Article 2: Making Data Agile for Digital Business – June 2019
Article 4: Distilling Deeper Truths from Dirty Data – July 2019
Article 5: CortexDB Drives Agile Digital Transformation – July 2019