Recent government regulations allow new applications to use telephone subscriber data for fraud prevention and other identity-centric applications.  However the lack of open standards, industry-certified best practices, and industry-wide participation has created an environment allowing data aggregators to build an estimated half-billion dollar “grey market” of subscriber data, bypassing telecom service providers that collectively maintain this repository on behalf of subscribers and possibly slowing or impeding commerce due to poor quality and outdated information. 

The intent of the Telecom Data Trust Framework authored by the Telecom Data Trust Framework Working Group is to provide a consistent, provider-agnostic set of information exchange protocols and policies for facilitating commercial transactions or assisting in fraud prevention.   Such protocols and policies would enable access to necessary subscriber information without interfering in, risking, or devaluing the primary relationship between the subscriber and the Telecom Service Provider who is holding private subscriber data “in trust”.

At a minimum the Telecom Data Framework should:

• Provide for the access, protection, and control of subscriber information;
• Allow telecom service providers to fairly monetize this information;
• Allow OIX Members certified under this Trust Framework maximum flexibility within the rules and guidelines defined by the Framework.

As noted in the diagram below, parties who use this information to obtain or verify identity may include telecom data aggregators and ID Reference service providers who are willing to comply with the rules, limitations and data protections specified in the Telecom Data Trust Framework. By joining OIX and being certified against this trust framework by independent assessors, these companies can ensure they are in conformance. 

The following is a checklist of the potential components of the Telecom Data Trust Framework to be developed by the Telecom Data Trust Framework Working Group:

• Definitions (subscriber, telecom service or data provider, assessors, ID reference providers)
• Permissible uses of subscriber or line data (for example, for fraud prevention and ID verification) and possible indexing to existing regulation sets
• Data retention rules and policies
• Supported transactions and transaction standards including minimum subscriber data requirements
• Supported information exchange protocols (SS7, XML)
• Subscriber permissions and categories of permissions (for example, the framework might provide the means for a subscriber to opt-in to allow commercial transaction to be authorized, but perhaps not allow subscribers to opt-out of fraud prevention)
• Stratification of information exchange protocols into appropriate levels of NIST Assurance
• Marketing Guidelines (how members may advertise their membership or adherence to rules)
• Audit elements and procedures