What are personal information management systems?

What are personal information management systems (PIMS)?

Technology advancements, including the rise in data mining, the widespread use of smartphones and tablets, and improvements in internet connectivity, have made the world data-rich. Personal data has seen a tremendous increase in its economic and social value. Informational capitalism, sometimes called surveillance capitalism, has emerged as a new type of value creation due to the increase in data's value.

As Shoshana Zuboff explains in her book The Age of Surveillance Capitalism, the surveillance capitalism model is all about creating value by extracting as much information as possible about users and turning that data into behavioral profiles. Then, these profiles can be monetized through internal use or sale to third parties. Google and Facebook were pioneers in this new model of value accumulation. Recently, both companies were criticized for using mobile apps that collect large amounts of data about users by tracking their phone and web activity.

Enter the "personal information management system." These tools are part of an emerging market that could upend current methods of collecting, managing, or using personal data. They allow individuals to control and manage their identity and preferences, as well as their consent. Ctrl-Shift, a U.K.-based consultancy that specializes in the personal information economy, estimates the potential market for PIMS at 16.5 billion GBP, which accounts for 1.2 percent of the U.K.'s economy.

The rise of PIMS and their potential role are especially interesting when viewed in the context of the EU General Data Protection Regulation (and the California Consumer Protection Act), which aim to regulate personal data collection and use, strengthen legal requirements for consent, and introduce data protection-by-design principles to empower individuals to regain control of their personal information.

What is a PIMS?

PIMS (also known as personal data stores, personal spaces or personal vaults) are systems that enable individuals to manage their personal information and their online identity. They allow individuals to collect, store, update and share their personal data, and to give, deny, and withdraw consent to third parties for accessing it. PIMS can also help organizations comply with privacy laws: they make it easier to obtain effective consent from users, which can reduce administrative burdens, and they give individuals access to their personal data, which can help facilitate compliance.

PIMS can be seen as the next evolutionary step for social media companies like Facebook, Google, Twitter and Instagram. However, the roles of individuals and organisations have been flipped: individuals, not companies, manage their data relationships with other organisations.

The technical architecture for storing personal data divides PIMS into two types: a local storage model and a cloud-based storage model. The local storage model stores information on users' devices, such as their smartphones, tablets, or laptops. A cloud-based model stores information in one place or across multiple service providers, where it is logically linked. No matter what technical architecture you choose, personal data must be encrypted and machine-readable so that interactions can take place without the need for human intervention. Interoperability is a requirement for PIMS to be widely used. It also allows for the creation of a common format for data file transfers between services.

Consent management is the core function of any PIMS. Users' preferences are matched with requests for personal data. PIMS with smart contract and blockchain functionality, for example, can make data protection easier by verifying that a user is at least 18 years old rather than disclosing the date of birth.

PIMS must display information about a user's identity and consent, as well as privacy preferences, in a user-friendly manner. This is key to making PIMS a success. They should also inform users of the success or failure of attempts to access their individual data.
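The consent matching and access notification described in the two paragraphs above can be sketched as follows. This is an added example, not code from the source article or from any PIMS product; the class `PersonalDataStore`, the claim name `age_over_18`, the requester `shop.example` and the sample data are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

def _age_over_18(data, today):
    # Derived claim: answers yes/no without releasing the date of birth itself.
    dob = data["date_of_birth"]
    years = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return years >= 18

DERIVED = {"age_over_18": _age_over_18}  # hypothetical claim registry

@dataclass
class PersonalDataStore:
    data: dict
    grants: set = field(default_factory=set)       # (requester, attribute) pairs
    access_log: list = field(default_factory=list)  # shown to the user

    def give_consent(self, requester, attribute):
        self.grants.add((requester, attribute))

    def withdraw_consent(self, requester, attribute):
        self.grants.discard((requester, attribute))

    def request(self, requester, attribute, today):
        """Match a request against the user's consent; log every attempt."""
        # Exact match only: consent to a derived claim never unlocks the raw field.
        allowed = (requester, attribute) in self.grants
        value = None
        if allowed and attribute in DERIVED:
            value = DERIVED[attribute](self.data, today)
        elif allowed:
            value = self.data.get(attribute)
        self.access_log.append((requester, attribute, "granted" if allowed else "denied"))
        return allowed, value

def demo():
    # Constructed sample user and requester.
    store = PersonalDataStore({"date_of_birth": date(2001, 3, 14)})
    today = date(2024, 1, 1)
    store.give_consent("shop.example", "age_over_18")
    results = [
        store.request("shop.example", "age_over_18", today),    # claim released
        store.request("shop.example", "date_of_birth", today),  # raw value refused
    ]
    store.withdraw_consent("shop.example", "age_over_18")
    results.append(store.request("shop.example", "age_over_18", today))
    return results, store.access_log
```

The access log records denied attempts as well as granted ones, which is what lets the PIMS report both outcomes back to the user.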

The downsides of PIMS

While PIMS have many benefits, their widespread adoption comes with potential pitfalls and areas that call for caution. PIMS providers should clearly communicate the benefits and risks associated with their technical architecture. Cloud-based approaches are particularly vulnerable to hacking attempts and breaches. This approach puts data security at the forefront of its priorities, as any breach could lead to a loss of confidence in the entire service. Personal devices are often vulnerable to data breaches, which can lead to risks in the local storage model. A fundamental issue is that PIMS providers are responsible for designing their systems in compliance with the GDPR, CCPA and any future privacy laws.

Any PIMS that is subject to the GDPR must comply with security breach regulations. There are open questions regarding the deployment of a PIMS for organisations that store critical user data. Is the primary responsibility of the PIMS to screen and ensure that customers are reliable? A PIMS could also act as a data controller, and the provider would be responsible for keeping the personal data safe. It is not clear if and in what manner a PIMS provider can contractually limit its liability to individuals whose data it holds.

Although most PIMS providers have taken steps to address these concerns, that doesn't necessarily mean that all the risks of losing confidentiality or of unfair use of data are completely eliminated. Any PIMS has an inherent risk that personal data may be accessed or used in a way other than the intended and permitted use. This should be considered when choosing features and services for PIMS.

Future of PIMS

PIMS can be disruptive in many sectors including retail, banking and health. Personal analytics features are one interesting option. An intelligent personal assistant could be used to control how data and/or insights are shared with third parties. This could be done within a specific sector (e.g. well-being and personal mobility), or holistically by gathering and aggregating data from multiple sources such as bookmarks, address book, credentials, financial data or social network activity. Google is working on a technology that analyses the entire Bitcoin and Ethereum blockchains. This gives developers the ability to "do everything" from predicting bitcoin's price to analyzing wealth disparities among ether holders.

Because of the large amount of sensitive personal data it collects, the healthcare industry stands to benefit greatly from PIMS adoption. In 2015, the University of Cambridge Judge Business School published a report that analyzed PIMS and made recommendations for their development. A case study on PIMS in healthcare stated:

"The health sector stands to gain the most from [PIMS], but it also faces some of the biggest hurdles. Not only is health data one of the most sensitive types of personal data, both in law and practice, but healthcare in the EU is under the purview of Member States – and thus difficulties of creating cross-border services are amplified. . . . There are stringent legal requirements related to the processing of health data, as it is sensitive data, and there is heterogeneity in the regulatory environment because healthcare is predominantly a Member State competence in the EU. If healthcare [PIMS] providers can be successful, it bodes well for [PIMS] providers in similarly complex industries, like finance and insurance."

Analytics can also be used for monitoring and predicting health conditions. It could also help to target patients based upon sensitive information (such as financial condition or addictions) and possibly lower healthcare costs by expanding electronic healthcare systems. This would be possible through increased research capabilities, enabling faster scientific and medical advancements as well as new research into previously data-poor areas like rare diseases. Apple HealthKit and ResearchKit are just a few examples of the potential for analytics in health.


PIMS could change the way people and companies interact and even disrupt whole industries that rely upon personal data. They will work with policy makers to ensure PIMS comply with privacy laws. Their goal is to build trust among users and standardize data interchange formats.

Source: IAPP
