Rating System

HAT Community Foundation (HCF) is developing a rating system for applications and services “powered by HAT”. The main criteria for certification and ratings for data would be Security, Confidentiality, Ownership, Transparency & Trust (SCOTT). Since HATs are private by default, any sharing of data with a third party will mean some loss of privacy. It is, however, important for users to know what to expect in terms of how applications are processing and using their data, and the degree to which they comply with SCOTT criteria. The rating scheme will be an empirically driven, community-agreed market system to rate the levels of SCOTT (e.g. AAA to EEE) and to document the best practices of applications taking data from the HAT.

As it matures, the scheme will be akin to the credit rating scheme in financial services, but in the case of HAT it will represent the ‘credit worthiness’ of data buyers, either directly or through applications, to be granted access to an individual’s data. It will provide a rough indication of the care, on a SCOTT basis, that the application takes of the personal data that sits within the application or data buyer’s system.

Any organisation providing HATs or services “on the HAT” is able to operate only if it complies with a minimum SCOTT standard set out in the HAT Code of Practice maintained by HCF. This gives all users within the ecosystem assurance that their data transactions are subject to a basic but comprehensive level of compliance with that standard. The rating scheme goes beyond this to give users an “at a glance” indication of the quality of Data Offers posted by accredited Data Buyers. The rating system is empirical, evidence-based and evolving.

Incentives and Alignments

It is also important to check how and why the HAT data leaves the platform. Some apps may require you to give the data away, for example, when you do a survey, fill in forms etc. It is important that the rating checks if the business model of the provider is aligned with the data they receive. For example, giving you a flashlight app for your phone does not give the provider the right to hoover up all your personal data.