Data Privacy and Security
description
Transcript of Data Privacy and Security
Data Privacy and SecurityProf Sunil Wattal
Consumer Analytics Analytics with consumer data to derive
meaningful insights on actions and behaviors of consumers
Generally with the intention to offer products and services in a targeted manner.
What could be wrong with that:
Target
Doubleclick
Facebook Beacon
The dark side of data analytics
List instances of information about you being collected and stored
Invisible Information Gathering
Examples: 800- or 900-number calls. Loyalty cards. Web-tracking data; cookies. Warranty cards. Purchasing records. Membership lists. Web activity. Change-of-address forms. GPS Cell Phones Smart Phones
Using Consumer Information
Data Mining & Targeted Marketing Trading/buying customer lists. Telemarketing. Data Mining. Mass-marketing. Web ads. Spam (unsolicited e-mail). Credit Records
Privacy
What is privacy? Freedom from intrusion (being left alone) Control of information about oneself Freedom from surveillance (being tracked, followed, watched)
Why are some things free?
If a service does not charge you money, then you are paying in other ways Marketing and Advertising Privacy
Facebook has 1 Billion monthly active users Revenues for Q2’12: $1.18 Billion, 84% from ads
Linkedin Marketing Solutions: $63.1 Million
Twitter uses Promoted Tweets based on you
Consumer Protection Costly and disruptive results of errors in databases
Ease with which personal information leaks out
Consumers need protection from their own lack of knowledge, judgment, or interest
Uses of personal information
Secondary Use Using information for a purpose other than the one for which it was obtained. A few
examples: Sale (or trade) of consumer information to other businesses. Credit check by a prospective employer. Government agency use of consumer database.
Privacy Policies
Have you seen opt-in and opt-out choices? Where? How were they worded?
Were any of them deceptive?
What are some common elements of privacy policies you have read?
Self Regulation
What are the roles of formal laws vs. free operation of the market?
Supporters of self-regulation stress the private sector’s ability to identify and resolve problems.
Critics argue that incentives for self-regulation are insufficiently compelling and true deterrence will not be achieved.
Analytics with global data
Privacy Regulations in the European Union (EU): Privacy is a fundamental right Data Protection Directive
In Europe, there are strict rules about what companies can and can't do in terms of collecting, using, disclosing and storing personal information.
Governments are pushing to make the regulations even stronger.
EU Privacy Laws Personal information cannot be collected without consumers’ permission, and
they have the right to review the data and correct inaccuracies.
Companies that process data must register their activities with the government.
Employers cannot read workers’ private e-mail.
Personal information cannot be shared by companies or across borders without express permission from the data subject.
Checkout clerks cannot ask for shoppers’ phone numbers.
Data Security
Data Security
Stolen and Lost Data Hackers Physical theft (laptops, thumb-drives, etc.) Requesting information under false pretenses Bribery of employees who have access
Have you heard of Thumbsucking??
Furious Constituents Negative Publicity Tarnished Reputation Public Embarrassment Investigations Lawsuits, Fines and Penalties Financial Losses Waste of Valuable Resources
Implications for companies
Examples
Availability
Data needs to be available at all necessary times Data needs to be available to only the appropriate users Need to be able to track who has access to and who has accessed what
data
Authenticity
Need to ensure that the data has been edited by an authorized source Need to confirm that users accessing the system are who they say they
are Need to verify that all report requests are from authorized users Need to verify that any outbound data is going to the expected receiver
Integrity
Need to verify that any external data has the correct formatting and other metadata
Need to verify that all input data is accurate and verifiable Need to ensure that data is following the correct work flow rules for your
institution/corporation Need to be able to report on all data changes and who authored them to
ensure compliance with corporate rules and privacy laws.
Confidentiality
Need to ensure that confidential data is only available to correct people Need to ensure that entire database is security from external and
internal system breaches Need to provide for reporting on who has accessed what data and what
they have done with it Mission critical and Legal sensitive data must be highly security at the
potential risk of lost business and litigation
Implement Technological Solutions Adopt “Soft” IT Security Approaches Change the Corporate Culture
Can you think examples of these practices at Temple or elsewhere
Approaches to Data Security
Next steps
Inclass Exercises