Personal Information Management Systems (PIMS) seek to empower users by equipping them with mechanisms for mediating, monitoring and controlling how their data is accessed, used, or shared.
Citation & publishing information
Received: September 26, 2021 Reviewed: December 21, 2021 Published: April 11, 2022
Licence: Creative Commons Attribution 3.0 Germany
Funding: The authors acknowledge the financial support of the Engineering and Physical Sciences Research Council (EP/P024394/1, EP/R033501/1), University of Cambridge.
Competing interests: The author has declared that no competing interests exist that have influenced the text.
Keywords: PIMS, Personal data stores, Data processing, Decentralisation, User empowerment, Self-regulation
Citation: Janssen, H. & Singh, J. (2022). Personal Information Management Systems. Internet Policy Review, 11(2). https://doi.org/10.14763/2022.2.1659
This article belongs to the Glossary of decentralised technosocial systems, a special section of Internet Policy Review.
Personal Information Management Systems (‘PIMS’) provide technology-backed mechanisms for individuals to mediate, monitor and control how their data is accessed, used or shared.
Their purported goal is to empower individuals with regards to their personal data (Abiteboul et al., 2015; EDPS, 2016; IAPP, 2019; Royal Society, 2019; Janssen et al., 2020a). Given the discourse around how data is currently being extracted and used, the concept is growing in prominence in the research and commercial space (Janssen et al., 2020b), as well as gaining policy attention (European Commission, 2020).
There are growing concerns regarding the opacity concerning how data is being processed and (mis)used, where individuals typically lack meaningful transparency, visibility and control over what, how, why and by whom their data are captured, analysed, transferred, stored, or otherwise processed and used (Zuboff, 2015; Lehtiniemi 2017; Berners Lee, 2018). In response, and in line with the growing public discourse regarding data-related issues, PIMS as a concept generally aims to better inform and empower users with regards to the processing of their data (Royal Society, 2019). PIMS are a form of privacy enhancing technology (PET), representing an instance of an approach for privacy self-management—whereby users work to manage their own privacy interests (Solove, 2013; Solove, 2020).
PIMS typically involve an ecosystem, which generally entails a platform providing the PIMS infrastructure. The platform provides users with some components for handling their personal data. Within this ecosystem, third parties seek to process user data (Janssen et al., 2020b). PIMS employ technical, legal and organisational measures that enable users to manage and control their data, and to ensure and validate that the behaviours of third-parties accord with user and platform requirements. Though the specifics of which vary by offering, measures often include (to varying degrees) the ability to determine:
(i) the data collected, captured, stored, or that otherwise available for processing;
(ii) that computation, analytics or other processing performed over that data; as well as providing
(iii) oversight measures to validate, review and audit what happens to their data.
PIMS often enable decentralised data processing, where third-parties that wish to process user data will not directly access a user’s data (e.g. where user data are transferred to the third party). Instead, such mechanisms enable the third-party’s desired computation, analytics, or other processing to be brought to the user’s data (typically residing within a physical or virtual user-centric PIMS device), with only the results of that processing returned to the third-party (Janssen et al., 2020a). This (as with other forms of processing) occurs in line with a user’s agreement, and only over certain data, as determined by the user.
PIMS may be supported by other novel technologies, such as Distributed Ledgers (Zichichi et al., 2020; see separate entry regarding DLTs).
Origins and coexisting uses/meanings
The term PIMS is not novel; some older references to the term can be found, for instance, in Barreau, 1995; Jones & Thomas, 1997; Bergman et al., 2008. Nowadays, the term ‘PIMS’ broadly refers to a class of technology that provides users with means for managing their data vis-à-vis those wishing to process it. Note that PIMS is an ‘umbrella term’, and we see a range of related terms used including: personal data stores (World Economic Forum, 2013; De Montjoye et al., 2014; OpenPDS, 2017; Crabtree et al., 2018; Royal Society, 2019; Janssen et al., 2020a); personal data vaults (Schluss, n.d.); personal information management services (ControlShift, 2014), or personal data spaces (European Commission, 2020). The concepts also bear a relationship with some forms of data intermediary (see separate entry regarding “Data intermediary”).
PIMS have been proposed by actors in civil society (MyData movement, 2015); academia, where offerings such as OpenPDS or Databox were developed; the private sector (some examples include CozyCloud; Mydex; CitizenMe, or Digi.me), or by actors in research environments with the PIMS developing into a commercial offering (Dataswift/Hub of All Things, or Solid/Inrupt, the latter being developed by Sir Tim Berners Lee). PIMS are increasingly gaining attention from policymakers, who currently consider mechanisms for regulating and advancing data intermediation services in general, of which PIMS are one example (e.g. European Commission Data Strategy, 2020; European Commission proposal for a Data Governance Act, 2020; German Bundestag bill for Consent Management Services, 2021; Centre for Data Ethics and Innovation (an expert body of UK’s government Department for Digital, Culture, Media and Sports, 2021)).
PIMS generally adopt an approach that is firmly grounded in the logic of privacy self-management and ‘notice and consent’, whereby users are charged with managing their own privacy interests (Solove, 2013; Solove, 2020; Janssen et al., 2020b). However, such approaches are the subject of critique, with arguments that they are largely ineffective given the systemic issues inherent in digital ecosystems, such as those regarding power and information asymmetries (Barocas & Nissenbaum, 2009; Sloan & Warner, 2013; Bietti, 2020).
Although some forecasted that PIMS could generate considerable economic benefits for businesses and consumers alike (ControlShift, 2014; Brochot et al., 2015; European Commission, 2020), the business cases for PIMS platforms vary and continue to be developed (Bolychevsky & Worthington, 2018).
Personal Information Management Systems (PIMS) aim to inform and empower users by equipping them with mechanisms for mediating, monitoring and controlling how their data is accessed, used, or shared. Their purpose is to provide an alternative to the data processing practices common today. PIMS are growing in prominence with many offerings in the pipeline. While gaining attention from developers, researchers, industry and policymakers, questions over the business cases and the ability for PIMS to overcome the systemic issues in digital ecosystems remain.
Abiteboul, S., André, B., & Kaplan, D. (2015). Managing your digital life. Communications of the ACM, 58(5), 32–35. https://doi.org/10.1145/2670528
Barocas, S., & Nissenbaum, H. (2009). On notice: The trouble with notice and consent. Proceedings of the Engaging Data Forum: The First International Forum on the Application and Management of Personal Electronic Information. https://ssrn.com/abstract=2567409
Barreau, D. K. (1995). Context as a factor in personal information management systems. Journal of the American Society for Information Science and Technology, 46(5), 327–339.
Bergman, O., Beyth-Marom, R., & Nachmias, R. (2008). The user-subjective approach to personal information management systems design: Evidence and implementations. Journal of the American Society for Information Science and Technology, 59(2), 235–246. https://doi.org/10.1002/asi.20738
Berners Lee, T. (2018). One small step for the Web... [Open letter]. Inrupt. https://inrupt.com/blog/one-small-step-for-the-web
Bietti, E. (2020). Consent as a free pass: Platform power and the limits of the informational turn. Pace Law Review, 40, 317–398.
Bolychevsky, I., & Worthington, S. (2018). Are Personal Data Stores about to become the NEXT BIG THING? [Medium]. Irina Bolychevsky.
Brochot, G., Brunini, J., Eisma, F., Larsen, R., & Lewis, D. J. (2015). European Commission: Personal Data Store (MPhil Technology Policy) [Final report]. University of Cambridge. https://www.academia.edu/20193979/European_Commission_Report_on_Personal_Data_Stores
Centre for Data Ethics and Innovation. (2021). Unlocking the value of data:Exploring the role of data intermediaries (Report Commissioned by the UK Government’s Department for Digital, Culture, Media and Sport (DCMS)) [Report]. Centre for Data Ethics and Innovation. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1004925/Data_intermediaries_-_accessible_version.pdf
ControlShift. (2014). Personal Information Management Systems – an analysis of an emerging market: Unleashing the power of trust. ControlShift. https://www.ctrl-shift.co.uk/insights/2014/06/16/personal-information-management-services-an-analysis-of-an-emerging-market/
Crabtree, A., Lodge, T., Colley, J., Greenhalgh, C., Glover, K., Haddadi, H., Amar, Y., Mortier, R., Li, Q., Moore, J., Wang, L., Yadav, P., Zhao, J., Brown, A., Urquhart, L., & McAuley, D. (2018). Building accountability into the Internet of Things: The IoT Databox model. Journal of Reliable Intelligent Environments, 4(1), 39–55. https://doi.org/10.1007/s40860-018-0054-5
de Montjoye, Y.-A., Shmueli, E., Wang, S. S., & Pentland, A. S. (2014). openPDS: Protecting the Privacy of Metadata through SafeAnswers. PLoS ONE, 9(7), e98790. https://doi.org/10.1371/journal.pone.0098790
European Commission. (2020). A European Strategy for data COM/2020/66 final. European Commission. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020DC0066
European Data Protection Supervisor. (2016). EDPS Opinion on Personal Information Management Systems: Towards more user empowerment in managing and processing personal data. https://edps.europa.eu/sites/edp/files/publication/16-10-20_pims_opinion_en.pdf
European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/eli/reg/2016/679/oj
German Bundestag Bill for Consent Management Services: § 26 TTDSG Approved Consent Management Services, End User Preferences, German Bundestag (2021). https://dsgvo-gesetz.de/ttdsg/26-ttdsg/
International Association of Privacy Professionals. (2019). Personal information management systems: A new era for individual privacy? iapp. https://iapp.org/news/a/personal-information-management-systems-a-new-era-for-individual-privacy/
Janssen, H., Cobbe, J., Norval, C., & Singh, J. (2020a). Decentralised data processing: Personal data stores and the GDPR. International Data Privacy Law, 10(4), 356–384. https://doi.org/10.1093/idpl/ipaa016
Janssen, H., Cobbe, J., & Singh, J. (2020b). Personal information management systems: A user-centric privacy utopia? Internet Policy Review, 9(4). https://doi.org/10.14763/2020.4.1536
Jones, S. R., & Thomas, P. J. (1997). Empirical assessment of individuals’ “personal information management systems.” Behaviour & Information Technology, 16(3), 158–160. https://doi.org/10.1080/014492997119888
Lehtiniemi, T. (2017). Personal Data Spaces: An Intervention in Surveillance Capitalism? Surveillance & Society, 15(5), 626–639. https://doi.org/10.24908/ss.v15i5.6424
Royal Society (Great Britain). (2019). Protecting privacy in practice: The current use, development and limits of privacy enhancing technologies in data analysis.
Schluss. (n.d.). Schluss. https://schluss.org
Sloan, R. H., & Warner, R. (2013). Beyond notice and choice: Privacy, norms, and consent. Journal of High Technology Law, 14, 370.
Solove, D. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126, 1888–1903.
Solove, D. J. (2020). The myth of the privacy paradox. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3536265
World Economic Forum & The Boston Consulting Grou. (2013). Unlocking the value of personal data: From collection to usage. World Economic Forum. http://www3.weforum.org/docs/WEF_IT_UnlockingValuePersonalData_CollectionUsage_Report_2013.pdf
Zichichi, M., Ferretti, S., & D’Angelo, G. (2020). On the efficiency of decentralized file storage for personal information management systems. 2020 IEEE Symposium on Computers and Communications (ISCC), 1–6.
Zuboff, S. (2015). Big other: Surveillance Capitalism and the Prospects of an Information Civilization. Journal of Information Technology, 30(1), 75–89. https://doi.org/10.1057/jit.2015.5
Personal Information Management Systems (or PIMS) are systems that help give individuals more control over their personal data. PIMS allow individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose.What are examples of personal information systems? ›
Common versions of personal information manager software include Microsoft Outlook and Entourage, which are primarily email programs but can also provide services such as address books, calendars, reminders, and data tracking and storage.What is a personal information manager PIM software? ›
A personal information manager (PIM) is a type of application software that functions as a personal organizer. As an information management tool, a PIM's purpose is to facilitate the recording, tracking, and management of certain types of "personal information".What is the best PIM platform? ›
- PIMworks. Best PIM software for multichannel syndication. ...
- Akeneo PIM. Best PIM with built-in task management. ...
- Syndigo. Best for ecommerce analytics. ...
- Pimcore. Best free open source PIM software. ...
- inRiver. ...
- Productsup. ...
- OneTimePIM. ...
- Agility Multichannel.
Salsify is a cloud-based PIM software platform that gives everyone across your organization access to the same real-time data from anywhere in the world. Salsify integrates easily with all major ERP, DAM, and ecommerce platforms.What are PIM applications? ›
A Product Information Management (PIM) solution is a business application that provides a single place to collect, manage, and enrich your product information, create a product catalog, and distribute it to your sales and eCommerce channels.What PIM does Amazon use? ›
Goaland PIM and Amazon: Control and circulate your product information. Fully integrated in the company's IS, the Goaland PIM provides the answer to industry requirements and to the constraints imposed on sellers by Amazon.What is PIM data model? ›
A PIM system presents a trusted, uniform version of product master data that optimizes business value chains and drives the economic activity of product-centric organizations.How does product information management work? ›
A PIM tool is a software solution that helps retailers, wholesalers and manufacturers to control their products in a central place. It provides one single point of truth of the product (and all its data). It is the place to gather, optimize and distribute product content data.
The correct answer is Mircrosoft outlook. Outlook.com is a personal information manager web app from Microsoft consisting of webmail, calendaring, contacts, and tasks services.What are the 3 types of personal information? ›
Below are the types of the types of personal information generally covered: Private information. Sensitive personal data information. Health information.What are the four major types of information systems? ›
- Transaction Processing System (TPS): Transaction Processing System are information system that processes data resulting from the occurrences of business transactions. ...
- Management Information System (MIS): ...
- Decision Support System (DSS): ...
- Experts System:
As discussed before, the first four components of information systems – hardware, software, network communication, and data, are all technologies that must integrate well together.Who needs a PIM? ›
- You're managing thousands of SKUs.
- You want to create exceptional shopping experiences for your customers.
- You're actively selling through more than one channel.
- You're ready to expand on a global scale.
- You want to dramatically reduce product return rates.
Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization's IT environments. Oversight is necessary so that the greater access abilities of super control accounts are not misused or abused.Which sources feed the PIM system? ›
A PIM system collates product information from multiple internal and external data sources such as an ERP, PLM, or supplier feeds.Why do I need a PIM? ›
At its most basic level, a PIM lets you collect, manage, and enrich your product information, create product catalogs, and distribute information to your sales and eCommerce channels in one place. This is an essential tool for retail businesses in particular that manage products online.What is product data model? ›
Product Model Data refers to all data elements of a product that are fully defined for the application of the product throughout its life cycle, including the data (e.g., geometry, topology, tolerances, relationships, attributes, and performance) required for designing, analyzing, manufacturing, testing, and inspection ...What is meant by product information? ›
Product Information refers to any information held by an organisation about the products it produces, buys, sells or distributes. In the context of Product Information management (PIM), this typically refers to information relating to the selling and/or marketing of products via digital channels.
It is better to use Object Bricks or the Classification Store for these category-specific attributes.What is PIMS for government employees? ›
Personnel Information Management System(PIMS) is a workflow-based system for maintaining the details of an employee. The main details of Employee Identity, Skill Sets, Contact Details, Posting & Location, CGHS, Nomination, Service Vol-1 and Vol-2, Loans, Salary Details, HBA, Record Verification Details.What is bs10012? ›
BS 10012 is a British standard that outlines the specifications for a PIMS. The framework has been developed to help organisations comply with the data protection requirements imposed by laws such as the EU's GDPR (General Data Protection Regulation).What is an IT system made up of? ›
An information system is essentially made up of five components hardware, software, database, network and people. These five components integrate to perform input, process, output, feedback and control. Hardware consists of input/output device, processor, operating system and media devices.What are the components of personal information? ›
Examples include a person's name when combined with other information about them, such as their address, sex, age, education, or medical history. This is not a complete list; many other kinds of information may still qualify as personal information.How do I access PIMS? ›
To make it easier to open Privileged Identity Management, add a PIM tile to your Azure portal dashboard. Sign in to the Azure portal. Select All services and find the Azure AD Privileged Identity Management service. Select the Privileged Identity Management Quick start.What is PIMS in Cpwd? ›
Personnel Information & Management System (PIMS) It is an e-Governance of Human Resource, which has been successfully implemented in Delhi State in PWD and also extended to Central Government in CPWD.What is PIMS WRT Nagaland? ›
PIMS --- a comprehensive digital platform for providing quality and speedy services to our employees. Department of P&AR Govt. of Nagaland.Which standard BIS dealt with data privacy? ›
In June of 2021, the Bureau of India Standards (BIS) introduced IS 17428 for data privacy assurance. It is a privacy framework designed for organisations to handle the personal data of individuals that they collect or process.What are the 5 main components of information system? ›
- Computer hardware. This is the physical technology that works with information. ...
- Computer software. The hardware needs to know what to do, and that is the role of software. ...
- Telecommunications. ...
- Databases and data warehouses. ...
- Human resources and procedures.
As discussed before, the first three components of information systems – hardware, software, and data – all fall under the category of technology.What are the 3 types of personal information? ›
Below are the types of the types of personal information generally covered: Private information. Sensitive personal data information. Health information.Why is personal information important? ›
There is nothing more important than keeping your personal information secure so that you can prevent identity theft. This information is the gateway to your financial institutions, medical records, credit score and other important personal records.What is personal information defined as? ›
Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.