I3 Data Confidence
We provide provide software that enables the confidence and integrity required for data communities based on I3 Software. Support for transparency, incentives, and data policy are built into the software's DNA.
I3 Data Management
Our I3 software to meet the needs of commercial and government data management network that uses data to interact across divisions, with partners, and with customers. The system supports real time data flows between applications and IoT devices, Features that provide for privacy,
Ecosystem Enhancement
We support IT departments, service providers, accelerators, application developers, and device manufacturers wishing to expand their data community. Transparency and integrity are needed to expand data use and increase data insights.

Our Mission

We Support Ecosystem Data Driven Innovation

Data Driven Insights

Innovation requires data, lots of data from lots of sources, and by creating a network of real-time data sources insights are accelerated

Economic Advantage

Innovation can be expensive but by making it easier for applications to find needed IoT data and by leveraging IoT device data IoT network economics are maximized,

Time Efficiency

Innovation takes time, by providing data when and where it is needed, concepts can be rapidly evaluated and operationalized

Use Cases

Recent Projects

Smart Parking
Smart Parking

Government Services

Community Security
Community Security

Shopping District

Healthy Environment
Healthy Environment

Community Healthcare

Video Analytics
Video Analytics

Service Demand Planning

The Latest News

New Data Rules Drive Operational Changes

In November 2020, California passed the California Privacy Rights Act (CPRA) which largely serves as an update to the California Consumer Privacy Act (CCPA) that was originally passed in 2018.  There are those that argue that a patchwork of privacy laws makes it difficult for companies to do business, but the reality is that when these companies adhere to the most stringent requirements and apply them across the board, this issue largely goes away.  CPRA has the potential to become one such lighthouse issue that drives action far outside the California borders. 

CPRA properly recognizes that privacy cannot be ensured unless the data has been properly secured.  Data security is a prerequisite that must be considered before an effective data privacy policy can be put in place.  The law requires that companies that store personal information implement reasonable measures to detect security incidents, resist malicious or illegal actions, and to aid in the prosecution of malicious individuals responsible for such actions.  The requirement that companies aid in prosecution of individuals implies the need to keep detailed records about such attacks.  On the surface, this may not seem like an onerous requirement given that most data security systems log detected security events, however, by linking security to privacy, CPRA has created a need for security threats to be correlated to data repositories and then to potentially impacted individuals.  Most organizations do not have a complete (and auditable) directory of the data held within their organization and this issue may be a major obstacle in meeting these new requirements.

CCPA required consent before an organization could begin collecting personal information.  CPRA has made the definition of consent more specific.  For example, consent requests cannot be incorporated into broad and general statements of policy.  Consent agreements have to be explicit, self-standing, so the request and its limitations are clear to the individual.  CPRA also calls for consent agreements to be reasonably specific as to the purpose of the data collection, the type of data collected, and how the data will be used.  In addition, organizations cannot assume any general activity on the part of the user can be construed to imply consent.  For example, by simply putting the consent form on the screen, the organization cannot assume the person would agree based on making the consent information available to them.  

CPRA  expands the definition of what is considered personal information.  Technologies that monitor a person’s behavior through heat maps, mouse tracking, historic use patterns, etc are not prohibited but they are considered personal information.  As such, organizations have to obtain a user’s consent before these technologies can be used.  CPRA also goes as far as to set organizational limits to consent agreements.  For example, if the user consents to allowing Budweiser to collect data about them, it does not mean that they have agreed to allow Corona access to that data even though both companies are part of the InBev group.

CPRA serves to extend the regulatory reach of these agreements into the data supply chain.  If an organization provides data to a third party and the user later asks to be deleted from the data set, that request must be passed on to all third parties who received the data, directly or indirectly, from the source organization.  This implies that any organization who provides data to a third party must also track their data distribution systems.  Further, any third parties that accept data from another source are bound to the conditions that the original organization established when the data was first connected.  This requires that not only must a company track (and presumably audit) the data that is held within the organization, this data directory has to also be capable of tracking third party data as it enters or leaves the organization.  Essentially, the organization has to track the provenance of the all data within and flowing through the organization.  If an organization discovers that a down-stream partner is not using the data in accordance with the established consent agreements, the organization is expected to take reasonable steps needed to remediate use of that data.  

CCPA required organizations to disclose the type of information collected about individuals. CPRA expanded the requirement to allow individuals to request organizations disclose the exact information they hold about them and the retention policy associated with their data.  As a part of this process, people can ask that erroneous information be corrected or deleted.  The law also mandates that retention periods cannot be unreasonably long and should be tied to the use case described when consent was obtained. 

CPRA put additional clarity around the activities that are covered by the law.  As originally written, CCPA rules applied to the sale of data between two entities.  CPRA clarified the point by establishing that other non-commercial transfers of data are included under these regulations.  The consent agreement must also indicate any expected data sales/sharing arrangement that might make use of the collected data.  If, by chance the organization decides to share data with a third party after the data has been collected, the original consent agreement needs to be modified and sent to the individuals in order to affirm their continued consent . 

Despite the fact that the ‘C’ in CCPA stood for Consumers, the CPRA laws also applied to employee data held by the company.  CPRA makes it clearer that these privacy rules apply to any personal information held by the organization, not just ‘customer’ data.

CPRA also created a new state agency, the California Protection Agency, which is tasked with enforcing the CPRA laws.  This agency can levy fines and it also has the authority to audit an organization’s privacy (and security) practices.

CPRA only applies if an organization is a for-profit entity that has either more than $25M in revenue OR if 50% of its revenue comes from its data sharing activities.  While small companies and nonprofits are not covered by the law, these other organizations should consider adopting the CPRA practices as a normal market expectation. 

CPRA won’ be enforceable until 2023 giving organizations some time to get their house in order but once it does become effective, it will cover all data that was collected from January 1, 2022 onward.  These requirements have driven many organizations to name a Chief Security Officer (CSO) or a Chief Data Officer (CDO) that is intended to establish and then oversee the organization’s efforts to secure the data they hold.  These personnel have 2021 to get their strategies defined and in place so they can begin monitoring data systems within their organization at the start of 2022. 

Who Can You Trust with Your IoT Data?

No single entity can install enough IoT devices, systems, and applications to cover everything needed. As a result, entities must collaborate in two areas. The first area is interoperability. You would have never been able to enjoy Wi-Fi, Ethernet, Bluetooth, and many other technologies if equipment, connectivity, and service providers would not have put the effort to establish interoperability among their products and communication protocols. But it is the second area that this article focuses on: TRUST.
Can one provider trust another provider with your data?
The consequences of your data falling to the wrong hands could be devastating, and in some cases, could even pose threat to life and business viability. The level of trust you must have in another entity correlates, and must compensate for your perception of the risk that you might incur if that entity mishandles your data.
My definition of trust helps here: trust is your willingness to accept the potential negative consequences of giving control over something you have to someone (or something) else.
So, how do you know if you can trust another entity with your data?
To answer this question, I would turn to my model of trustworthiness, and the 6 components of it.
First, is the other organization competent in handling your data? Have they shown the ability to maintain data security in the past? Do they have the capability and the skills to continue and do that? If applicable, are they, their products, or their services appropriated certified to maintain data security?
Second, does the other organization share your values? What is their motivation for collaborating and interoperating with you? Are they driven by the same values and motivations as your organization, or are they driven by values that oppose those of your organization? “Marriage of convenience” could blow up in your face, when conflicting motivations rise to the surface. You must assure that your values are aligned with those you wish to trust.
Third, is the relationship symmetrical? Data that flows only in one direction is asymmetrical and may lead to breaches in trust. On the other hand, if data flow between the two organizations is symmetrical, trust will be maintained at a higher level. Keep my information safe and I’ll keep your information safe. Symmetry is a powerful motivator for trustworthiness.
Once you analyzed the other organization through these first three components, you would be able to determine whether you can (or cannot) fundamentally trust them. Don’t share information if the other organization cannot be trusted through the analysis of those three components.
The next three components come to play through the ongoing relationship with the other organization, because trust is dynamic. It increases (or declines) with every interaction and, although not as fast, in between interactions. In fact, it will decline faster with negative interactions than it would increase with positive ones. Just like people are much more inclined to post negative reviews if they had negative experiences than they are to post positive reviews if they had positive experiences. Bad is much stronger than good.
The other organization is made of people, and people are (or are not) trustworthy, which would make their entire organization trustworthy (or not). How they interact with you would allow you to determine their trustworthiness. The three components of every interaction are the positivity of the interaction, the length and frequency of interactions, and the intimacy of those interactions. The more direct, transparent, no-BS your interaction counterpart is, the more you can trust them. The more frequently you meet with them, and the longer you meet with them, the more you can tell if you can trust them or not. In a similar way, the higher the intimacy of your interactions are (more face-to-face, less email), the more you can tell if you can trust them.
While there is almost nothing you can do beyond judging the competence or values of the other organization, or the symmetry of your relationship, there is a lot you can do to determine their trustworthiness and build trust between you and them through interacting with them more frequently, for longer time, and more intimately.
Finally, remember that as much as you may need to trust them with your data, they must trust you with theirs. Building trust does not happen when you demand another person (or organization) to behave in a way that will earn your trust. It happens when you behave in a way that will earn theirs.

The author is the CEO of the Innovation Culture Institute LLC and the author of The Book of Trust and twelve other books and 300 articles. He was named one of the top 20 thought leaders on organizational culture by Thinkers 360. Find out more at www.yoramsolomon.com

Testimonials

What people are saying

"I3 shows how to leverage data within the city so it is used and reused across the city in order to forward the entire mission of the City"

Joyce Edson
Joyce Edson Deputy CIO, City of Los Angeles

"I3 will create a much more sustainable approach towards data by making it easier to incorporate technologies needed to make communities smarter. "

Dr Bhaskar Krishnamachari
Dr Bhaskar Krishnamachari Faculty and Research, University of Southern California

"I3 is like credit card processing companies in that credit card companies provide the connection so money can flow - we need that for data"

Dhaval Kapadia
Dhaval Kapadia Founder, Startup Steroid