People-Centric Information Assurance
Phase 1 - Initial Exploration of PCIA
Report from the 5th November 2008 workshop – People realise they face risks when they go online and they do expect to be protected. They also realise that, to a large extent, they have to be sensible and look after themselves when online, but they need a lot of support from a wide range of bodies.
Report from the 12th May 2009 workshop – A goal is proposed for the UK's PCIA efforts: to increase the amount of risk mitigation practised and to reduce the amount of risk acceptance necessitated, bringing the two into better balance, without resorting to means that get in the way of progress. The natural forces in operation within a free, market-oriented society, facilitated by appropriate PCIA wisdom, can reasonably be expected to achieve this goal.
Phase 2 - Organisations
Report from the 18th August 2009 workshop – Organisations need to root their approach to protecting the public in the development of a people-centric corporate culture and value system. Simply providing a wider range of privacy options within the services the organisation offers will not be sufficient to cope with the diversity of people's needs.
Report from the 16th February 2010 workshop – People realise that public and private organisations will share the personal information they hold. They feel they have ways to control the sharing performed by private sector organisations but they have little choice but to trust public sector bodies. This puts an onus on public sector bodies to provide adequate safeguards and to take care not to abuse that position of trust.
Phase 3 - Helping people fend for themselves online
Report from the 29th April 2010 workshop – Overall, the vendors of PCs and smart phones have done a good job at making their products resilient to security threats. However, the threats of the future might be increasingly harmful to people. People will need to change their attitudes in response. Government and manufacturers will both have roles to play in that.
Report from the 14th July 2010 workshop – E-crime is an inevitable concomitant of open digital technologies. The complex and inter-dependent dynamics of the digital world mean that the UK needs to adopt a holistic approach to combating e-crime. The Government needs to provide the vision, national strategies and leadership necessary for a coordinated national response.
Report from the 12 October 2010 workshop – If people are to stay safe online they will have to learn to make sensible decisions regarding how to behave and what precautions to take. People’s perceptions and attitudes are the keys to this and need to be the central focus of any efforts made to help people fend for themselves. It is not sufficient just to try to improve the public’s knowledge of safety rules and best practice behaviours.
Report from the 7 April 2011 workshop - Conveying digital safety and security ideas to the public is a mammoth task. The UK needs to take a broad multi-stakeholder approach with each partner working to its strengths. It also needs clearer thinking and a much greater level of coordination and sharing of ideas.
