Personal data is stored in existing organisational databases and each application used in an organisation has its own store of personal data. The difficulty of providing common services involving personal data is that most applications require data from other applications and often from different applications in other organisations. The data is distributed. Three approaches to common services involving personal data to a group of organisations are:

1. a common service using a single data base or index to all the personal data held by all the organisations. (e.g. personal databases such as MyDex)
2. a single signon service (Federation of Data or a whole of country myGov)
3. the data remains siloed in organisational databases and the data is linked with a distributed algorithm such as PErsonal Distributed Data ALgorithm (PEDDAL). The data is accessed via an API that returns previously recorded values of the data no matter where it was stored.

The first two approaches require the creation of a "single entity" around which the data is organised. The third approach leaves the data distributed and collects the data as needed through a network algorithm.

The use of 3 is illustrated with a change of address application. This is followed by an outline of other applications that might use the links established with 3.

Change of Address

An organisation has decided to deploy the change of address application and it is made available to the organisation. The organisation can either install its own version of the application or it can use a trusted version of the application provided as a set of calls to a webservice.  When an organisation installs the application it can see all the other organisations that are using the application and it decides if it wishes to allow the users from those organisations to see their address via the organisation.

Let an organisation have a form into which a person can, or has, entered their home address.  The application uses PEDDAL to assist the person enter or change their address by showing them a list of all the unique home addresses they have previously entered using other PEDDAL systems.  The person either selects an existing address or enters a new one.  If there are different address the person is asked if they wish to change their address in each of the other databases.  If they say yes then they can make the changes provided they satisfy the authentication of id requirements for the database to be changed.

What this means is that no matter where a person enters their address they can update all other occurrences of address in all databases that use the PEDDAL algorithm and where the organisations concerned permit the change.

When an organisation decides to use PEDDAL they store a copy of the address along with identity information needed to be authenticated for the data to be changed. This could be things such as name, email address, phone number, voice print, photoid, pin number, id number, date of birth or password. This information is only accessible from the organisation.

For example assume the electoral office, the passport office and a Bank all use the PEDDAL algorithm for address and all use name and date of birth as identifiers for the person.

A person goes to the bank website to change their address.  They are shown other examples of addresses they have entered but not where the addresses come from. They select the one they wish to use or they enter a new one.  If they enter a new one that is different to others in the list then they are taken to the organisation where they authenticate themselves according to the rules of that organisation.  If this is the Electoral Office they simply press OK.  If it is the passport office they might be asked to enter their passport number.

It should be noted that the bank does not know that the person has records with the Electoral Office and Passport Office and vice versa.  All identifying information is kept within the siloed databases controlled by the organisation who has collected the information. It is not revealed to the person with the address change and retrieve application.

Once the databases are linked other applications can use the links established with the address application.

1. a person may be required to pay to purchase a Passport.  They could be directed to the bank to make the payment without having to enter any other information except identify themselves to the bank using the bank's identification system.  The linkage of the person was through the links obtained by linking their residential address.
2. Immigration may wish to verify that the person has a bank account with the Bank to issue a visa.
3. Immigration may direct a person to open a bank account in Australia before issuing a Visa and let the person choose from PEDDAL organisations.
4. Bank may wish to verify that a person has a valid visa before opening a bank account.
5. The Electoral Office may wish to verify that the person has changed their address with another party such as the Bank.
6. The Bank may wish to verify that the person has left the country when there is a credit card request from overseas.
7. Immigration may wish to ask the person to confirm where they have travelled by getting them to show electronic purchases made through the Bank.
8. Immigration may wish to confirm that a student has a steady income by getting the person to show regular payments from overseas.  (verification of ongoing income).