Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce...
-
Upload
mind-your-group -
Category
Data & Analytics
-
view
105 -
download
0
description
Transcript of Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce...
![Page 1: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/1.jpg)
#smartercommerce
Aurélie PolsCo-founder & Chief Visionary Officer
Mind Your Privacy & Mind Your [email protected]
@aureliepols
The Future of PrivacyData is the New Oil, Privacy is the New GreenUnlocking Value & Controlling Risk
![Page 2: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/2.jpg)
@AureliePols
About me
Aurélie PolsChief Visionary OfficerMind Your Privacy
• Grew up in the Netherlands, Dutch passport• French mother tongue• Most of my friends are bilingual at least• Have Polish & Russian origins• Set-up my 1st start-up in Belgium in 2003• Sold it to Digitas LBi (Publicis), in 2008• Moved to Spain in 2009• Created 2 other start-ups in Spain in 2012
Mind Your Group, Putting Your Data to WorkMind Your Privacy, Data Science Protected
Yes, a “law firm” but we prefer to say a bunch of Data Scientists working with a bunch of Lawyers
![Page 3: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/3.jpg)
@AureliePols
Context: Privacy tri-partiteJoint effort by:
1. Governments &/or international Associations => legislation, guidelines, …
2. Citizens/voters/consumers3. Businesses
Each party wanting to defend: – Personal Data Protection & the Rule of
Law through respect of Fundamental Rights vs.
– Profits & hopefully Sustainability
Governments
Citizens/voters/
consumers
OUR GLOBAL SOCIETY
Businesses
Analytics vendors / Agencies / Data Users
![Page 4: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/4.jpg)
@AureliePols
About Mind Your Privacy
Boutique consultancy firm providing security consultancy services and legal Privacy advice
Our typical international clients manage sensitive data within an international landscape
Pluricultural and multi-skilled profiles - legal, data scientists and technical
Providing complete solutions to complex data and privacy issues
![Page 5: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/5.jpg)
@AureliePols
This presentation is for Data Users
Source: http://ochuko.files.wordpress.com/2010/04/sides-of-a-coin.jpg
![Page 6: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/6.jpg)
@AureliePols
Privacy, the Word
From our Wikipedia friends:From Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive”
The ability of an individual or group to seclude themselves or information about themselves and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it usually means there is something to them inherently special or sensitive. The domain of privacy partially overlaps security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.
Source: https://en.wikipedia.org/wiki/Privacy
![Page 7: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/7.jpg)
@AureliePols
Privacy, nothing to hide?
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”Eric Schmidt, 2009 https://www.youtube.com/watch?v=A6e7wfDHzew
If you've got nothing to hide,
you've got nothing to fear!
Tip: Follow Daniel Solove on LindedIn!
![Page 8: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/8.jpg)
@AureliePols
An Anglo-Saxon term?
Source: http://web.mit.edu/bigdata-priv/
http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf
![Page 9: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/9.jpg)
@AureliePols
Blame?
Source: http://mobile.nytimes.com/blogs/bits/2014/05/05/white-house-tech-advisers-online-privacy-is-a-market-failure/
![Page 10: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/10.jpg)
@AureliePols
Solution?
![Page 11: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/11.jpg)
@AureliePols
Is this complicated?
Source: https://www.forrestertools.com/heatmap/
![Page 12: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/12.jpg)
@AureliePols
Regulatory law
“Every country is a little different. You run into different regulatory regimes and you need to make sure you have the right tools so that people can implement the right policies they are required to by law… They aren’t that different”
Source: Bloomberg Singapore Sessions April 23rd 2014http://www.bloomberg.com/video/big-data-big-results-singapore-sessions-4-23-kHN5zrGbR_Wq6hbmV9~aXQ.html
![Page 13: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/13.jpg)
@AureliePols
A global perspectiveUS & UK EU APEC
Common Law Continental Law Continental law influenced
Class actions Fines (by DPAs: Data Protection Agencies)
Privacy Personal Data Protection (PDP)Business focused Citizen focused: data belongs to the
visitor/prospect/consumer/citizenPatchwork of sector based legislations: HIPPA, COPPA, VPPA, …
Over-arching EU Directives & Regulations
PII: varies per state Risk levels: low, medium, high, extremely high
![Page 14: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/14.jpg)
@AureliePols
Democracy & the rule of lawUS & UK EU APEC
Common Law Continental Law Continental law influenced
Class actions Fines (by DPAs: Data Protection Agencies)
Privacy Personal Data Protection (PDP)Business focused Citizen focused: data belongs to the
visitor/prospect/consumer/citizenPatchwork of sector based legislations: HIPPA, COPPA, VPPA, …
Over-arching EU Directives & Regulations
PII: varies per state Risk levels: low, medium, high, extremely high
![Page 15: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/15.jpg)
@AureliePols
Data Protection
In light of fuzzy interpretations of Privacy, could we agree upon• Thinking of it as data protection• Protecting the data we are entrusted with• While respecting the Right to “Privacy”• Taking into consideration information security
measures
![Page 16: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/16.jpg)
@AureliePols
Democracy & the rule of lawUS & UK EU APEC
Common Law Continental Law Continental law influenced
Class actions Fines (by DPAs: Data Protection Agencies)
Privacy Personal Data Protection (PDP)Business focused Citizen focused: data belongs to the
visitor/prospect/consumer/citizenPatchwork of sector based legislations: HIPPA, COPPA, VPPA, …
Over-arching EU Directives & Regulations
PII: varies per state Risk levels: low, medium, high, extremely high
![Page 17: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/17.jpg)
@AureliePols
PII: ah but we don’t collect it!
Medical information as PII
California
Arkansas
Missouri
New Hampshire
North Dakota
Texas
Virginia
Financial information as PII
Alaska North Carolina
Iowa North Dakota
Kansas Oregon
Massachusetts South Carolina
Missouri Vermont
Nevada Wisconsin
New York* Wyoming
Passwords as PII
Georgia
Maine
Nebraska
Biometric information as PII
Iowa
Nebraska
North Carolina
Wisconsin
Source: information based on current ongoing analysis
(partial results)
![Page 18: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/18.jpg)
@AureliePols
So what is considered PII?Personal Information (based on the definition commonly used by most US states)
i Name, such as full name, maiden name, mother‘s maiden name, or alias
ii Personal identification number, such as social security number (SSN), passport number, driver‘s license number, account and credit card number
iii Address information, such as street address or email address
iv Asset information, such as Internet Protocol (IP) or Media Access Control (MAC)
v Telephone numbers, including mobile, business, and personal numbers.Information identifying personally owned property, such as vehicle registration number or title number and related information
Source: information based on current ongoing analysis
(partial results)
![Page 19: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/19.jpg)
@AureliePols
If you collect PII… thenUS & UK EU APEC
Common Law Continental Law Continental law influenced
Class actions Fines (by DPAs: Data Protection Agencies)
Privacy Personal Data Protection (PDP)Business focused Citizen focused
Patchwork of sector based legislations: HIPPA, COPPA, VPPA, …
Over-arching EU Directives & Regulations
PII: varies per state Risk levels: low, medium, high, extremely high
![Page 20: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/20.jpg)
@AureliePols
PII & legislation questions
• Who knows their Chief Privacy Officer?According to the DMA (US), CMOs should abide to an average # of 300 pieces of legislation
• Is PII really PII?Zip code + gender + date of birth can uniquely identify 87% of the US populationSource: Microsoft Latanya Sweeney (2000) http://dataprivacylab.org/projects/identifiability/paper1.pdf
![Page 21: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/21.jpg)
@AureliePols
PII vs. Risk levels
Low
Medium(profiling)
High(sensitive)
Risk level
Data typeInformation Security Measures
Extremely high(profiling of sensitive data)
PII
![Page 22: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/22.jpg)
@AureliePols
Data lifecycles
Analytics => Follow the Money
Information Security & Compliance => Follow the Data
![Page 23: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/23.jpg)
@AureliePols
The Privacy framework 1
User consent
Fair & Legal process: FIPPs
Information for approved use
Data diving analysis / Big Data
New business opportunity through data
Purpose
![Page 24: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/24.jpg)
@AureliePols
The Privacy framework 2
User consent
Fair & Legal process: FIPPs
Information for approved use
Data diving analysis / Big Data
New business opportunity through data
Purpose
![Page 25: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/25.jpg)
@AureliePols
Fair Information Practice Principles - FIPPs
Source: https://security.berkeley.edu/sites/default/files/uploads/FIPPSimage.jpg
![Page 26: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/26.jpg)
@AureliePols
Data collection
• Purpose – Consent– Reason for data collection: • Website improvement, better User Experience• Marketing communication
• Opt-in? Opt-out? Double opt-in?– Depends upon:• Type of data: PII, sensitive data• Type of sector: financial, health, …• Geography: US vs. EU vs. ???
![Page 27: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/27.jpg)
@AureliePols
Examples: US vs. Spain
US: no purpose, no consent
Spain: consent, purpose, opt-in & opt-out
![Page 28: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/28.jpg)
@AureliePols
Trust & creepiness
Consent is about a reasonable expectation of the use of data– There’s a fine line
between feeling charmed vs. feeling invaded
– Create win-win situations: • Customers give company information• Customers get better service/value for money
![Page 29: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/29.jpg)
@AureliePols
Consent & Trust for Telcos
Slide borrowed from Stephen John Deadman from Vodafone Group Services Limited, IAPP congress Brussels, November 2013
![Page 30: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/30.jpg)
@AureliePols
Typical personal data misconceptions
Very often present in technology companies– We do not identify the user while using the data, so we have no
issues with Privacy law– We only use the serial # of the users device, so the data is
anonymous and we have no issues with Privacy laws– We encrypt the data so we are no longer using/sending/receiving
personal data– We use hashes to replace all serial #, so the data is now
anonymous and we have no issues with Privacy laws– We anonymize the data, so we are not using personal data– We can use the user’s data for anything we want, as long as we
keep the data to ourselves– Look: big name companies are doing the same, so we are ok
Slide borrowed from @simonhania from TomTom, IAPP congress Brussels, November 2013
![Page 31: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/31.jpg)
@AureliePols
EU fines?Spain: responsible for 80% of data protection fines in the EU
Source: http://i0.kym-cdn.com/photos/images/newsfeed/000/242/381/63a
.jpg
Source: http://www.mindyourprivacy.com/download/privacy-infographic.pdf
![Page 32: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/32.jpg)
@AureliePols
Security (technical)
Data Collection
TechnologicalPr
oces
ses Resources
security
![Page 33: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/33.jpg)
@AureliePols
Who has access?
Source: Mind Your Privacy seal, specific audit for analytics tools & data agencies
![Page 34: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/34.jpg)
@AureliePols
Supplier reviews - CloudTypical international company set-up
Cloud:• SaaS• PaaS• IaaS
![Page 35: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/35.jpg)
@AureliePols
Data flows = shared responsibility
Source: http://cdn2-b.examiner.com/sites/default/files/styles/image_content_width/hash/6e/54/6e54dfaa644b1fe589e4462b6f2a20b7.jpeg?itok=OIAVYOR1
![Page 36: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/36.jpg)
@AureliePols
As secure as the weakest link
Source: http://www.lebsontech.com/images/ChainLight.jpg
![Page 37: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/37.jpg)
@AureliePols
WHERE TO START?
![Page 38: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/38.jpg)
@AureliePols
Balancing Risks & Benefits
Risks SaaS PIAs: Privacy
Impact Assessment Security evaluation of
your own information Nature of your own
data
BenefitsPriceTransfer of
responsibility?Availability (BYOD,
strike, natural disaster, …)
Source: http://www.labeshops.com/image/cache/data/summitcollection/7918l-lady-justice-3-feet-statue-800x800.jpg
![Page 39: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/39.jpg)
@AureliePols
Compliance vs. Risk Assessments• Achieving 100% compliance is a chimera– Compliance is a journey, not a destination– Level of required compliance linked to
• Sector• Personal internal management• Company risk profile
• Risk is a moving target– Risk of being fined– Risk of being breached– Brand perception => subjective
![Page 40: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/40.jpg)
@AureliePols
A simple examplePII viewer for Google Analyticshttp://davidsimpson.me/pii-viewer-for-google-analytics/
Customer DBData Collection
Data Visualization
Privacy Policy Hosting Security Terms of Use Access
Consent FIPPs Data
retention period
(Hosting) Security Access
What data is Chrome sending?Is your company accountable?
![Page 41: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/41.jpg)
@AureliePols
Other ex.: BBVA Commerce 360
26M transactions/day
25% of marketshare for Spain
Source: http://www.slideshare.net/cibbva/juan-carlos-plaza-explica-los-proyectos-sobre-big-data-de-bbva
![Page 42: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/42.jpg)
@AureliePols
Data transformations
Consent & purpose Through which pipes? Data (transfer) security? Data access? …
From granular to aggregated
![Page 43: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/43.jpg)
@AureliePols
What to do?
1. Know your information structure (cloud)– Can you exactly draw the Cloud supplier slide?
2. Cloud inventory (PIA)– Provider (& sub-contractors)– Location
• Cloud service HQ• Servers
– Applicable law: our friend Snowden– Physical location: earthquakes?
• Any incidents to report?• In-house control access (risk)• Terms & Conditions
– Information Security measures– Related to Privacy
![Page 44: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/44.jpg)
@AureliePols
What to do?
3. Know your Data structure: data inventory (cloud)– (Do you know which data can be found where)?– Have you reviewed your information security
measures?– What happens in case of a breach?
4. Authorization required?– Approval International Data Transfers (IDT)– Safe Harbor– Binding Corporate Rules (BCR)– User consent
![Page 45: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/45.jpg)
@AureliePols
Moving to the cloud1. List your departments2. What type of data needs to be moved?3. What are your data risk levels?– Low / Medium / High / Extremely High
4. What do you need for compliance?
Have a list of questions ready to ask your cloud provider except for the price!
![Page 46: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/46.jpg)
@AureliePols
Note: slides blurred for confidentiality reasons
![Page 47: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/47.jpg)
@AureliePols
Note: slides blurred for confidentiality reasons
![Page 48: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/48.jpg)
@AureliePols
MYP Information Security Framework
![Page 49: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/49.jpg)
@AureliePols
MYP ServicesFor Data Users
Risk Assessment to define maturity model (COBIT) and roadmap Define processes to establish proper security measures and create policies to
structure these process Audit the level of compliance of security measures that are in place Train staff to align them with security plan while reducing the risk of suffering
a data breach Define KPIs to adequately deploy a data governance program
![Page 50: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/50.jpg)
@AureliePols
MYP ServicesAnalytics SaaS Providers
Advice during the procurement process to define the best provider in terms of data security management and privacy compliance
Audit providers´ management of data and privacy
For Analytics vendors & agenciesWEMindYourPrivacy Seal
![Page 51: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/51.jpg)
![Page 52: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/52.jpg)
THANKSFor listening
![Page 53: Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Global Summit 2014erce future privacy aurelie pols](https://reader035.fdocuments.us/reader035/viewer/2022062511/54c6ce5d4a79593f718b45cb/html5/thumbnails/53.jpg)
Aurélie PolsCo-founder & Chief Visionary Officer
Mind Your Privacy & Mind Your [email protected]@aureliepols
Privacy in Digital Marketing:Regulatory Threats vs. Data OpportunitiesBerlin - June 2nd 2014 http://digitalanalyticshub.com/berlin2014/workshops/#ND68
Next full day workshop