The concept of some component (usually software) that manages your personal data is not new. The idea is often associated with Doc Searls, who developed ProjectVRM, which advocates that customers take control of their data in the form of \u201cVendor Relationship Management\u201d tools.In my dealings in the consumer IAM space, I\u2019ve become increasingly aware that digital identity and its applications, needs to be opened up \u2013 to do \u201cjobs.\u201d That is, the identity that says, I am who I say I am is more of a conduit to transfer data between me and some entity I want something from, than a statement of my digital self. Our digital lives are now so much more than using login credentials; equating Facebook with a digital identity now seems naive. Instead, services that allow us to perform dynamic identity-based transactions are setting the stage for a new era in personal data.Doc Searls has been pushing this concept for many years, but I believe that the time is now because of improvements in technologies such as storage and security.Data doing jobsThe platforms that provide the mechanisms for data management and transactions are often called Life Management Platforms or sometimes Personal Data Stores \u2013 personally, I prefer Personal Data Transaction Tools (PDTT). These tools have the ability to build services that can create lasting relationships between the customer (identity data owner) and any service that taps into the platform. Transactions that are traditionally done offline, and that consequently take time to enact, can be done online. Some examples of the use of such platforms include:Online processes, such as applications for passports, driver\u2019s licenses, etc. A customer could use their verified identity and use the data associated with that identity to go through an online application process. The process would allow the user to share relevant data, photos, and so on to complete the process.Relationship building and product offerings. The tools can create a two-way traffic between the customer and services. Companies can offer products to users in exchange for information. For example, a banking product could be made available to a customer if they can show they earn over $$ amount per year.Attribute enrichment can be handled using these platforms, building up user profiles, over time, improving their status and ability to perform online transactions that require higher levels of proof.The issues and the resolutionsThe hosting and management of these platforms is one area that needs to have thought and discussion applied. There is a massive amount of potential in utilizing these systems, but how they are used effectively and optimally requires the resolution of certain issues, namely:The costsThese platforms\/services are for mass-adoption by consumers. And, big platforms need big storage. Although there is not a prerequisite to actually store data, you could call the data during a transfer, or use a blockchain registration \u2013 generally, there has to be a facility to do so. For example, such a platform may store basic attributes, like name, address, etc. But an advanced version, that handles more complex services, is likely to need to store images of passport photos, degree certificates, and so on. This creates a cost hurdle. Advances in storage solutions are lowering this hurdle but you have to balance this with availability and reliability of the storage choice. And, there are a lot of choices in storage now; storage options from Amazon and Azure, for example, can be daunting, so careful attention to design details is needed. The crucial thing to set out before even looking at which storage option to pick, is to understand what types of data you will be storing and what options there are in reducing the overhead of these data \u2013 can you call some data on-the-fly as needed?\u00a0 Without understanding your data needs you cannot do a return on investment analysis.Privacy and GDPRCollecting, storing, and sharing personal data, means lots of compliance headaches. Folks are still reeling from the impact of GDPR and now we hear murmurings from other places, such as California which is looking to bring the \u201cCalifornia Consumer Privacy Act of 2018\u201d into force later this year. A platform or app which is specifically designed to share personal data has to tick the privacy boxes in a most emphatic way. This means that such tools have to bake privacy right in from the design stage through to execution. The GDPR has the concept of \u201cPrivacy by Design and Default\u201d as an underlying ethos. Building this ideology around personal data transactions is helped by ensuring you have incorporated consent models. The Kantara Initiative has been working on \u201cConsent Receipts\u201d for use in such scenarios. Also, look at methods that allow you to minimally disclose data when sharing with services.The securityUltimately, any service that manages a person's personal data is like a golden carrot to a cybercriminal, so you need to apply robust security. Building on the work to determine what type of data you need to collect\/store will help in minimizing data storage needs. This, in turn, reduces the security overhead in data storage security and encryption.\u00a0 Other considerations include API security, open source security, and credential options which are vital to harden. However, getting the balance between effective authentication and usability across a wide-demographic is not easy.The next evolution of Identity and Access Management (IAM) is data sharing. This move will breathe new life into our personal data and make it work for its living, doing jobs for us online, and building relationships with services. We must cross a number of hurdles in terms of return on investment, security, and privacy to prepare for this new world order. We also need to build new business models that can make these personal data transaction platforms central to a larger network of services. If we get this right, we will open up a multitude of services that can benefit from the streamlining and efficiency that sharing personal data online offers.