I think there have been several initiatives in which privacy has been very much at the core of the program. I think some of the programs have struggled. One of the particular ones that comes to mind is the GOV.UK Verify program, which looks at identity. It's based on a very sound set of privacy principles, and it was designed from the ground up to ensure adherence to those and to take account of upcoming legislation, such as the European Union's General Data Protection Regulation. However, I think that for other reasons, this program has struggled to deliver the outcome it once set out to achieve.
Other areas that I've been involved with include some of the police national systems, where the thing is generally very well designed in terms of data protection of the citizens involved and has protective monitoring. Unfortunately, there have been one or two cases that have proved the value of the protective monitoring in terms of officers being belatedly identified as having abused the trust with access to those systems. I think we need to look at ways to have more proactive monitoring on systems so that if there is potential abuse by an insider such as in those cases, or indeed by a hostile player from outside, we're much more timely in the way we respond to those incidents.