Transcript Data Privacy and Security

Data Privacy and Security
Prof Sunil Wattal
Consumer Analytics
 Analytics with consumer data to derive
meaningful insights on actions and behaviors of
consumers
 Generally with the intention to offer products
and services in a targeted manner.
What could be wrong with that:
 Target
 Doubleclick
 Facebook Beacon
 The dark side of data analytics
 List instances of information about you
being collected and stored
Invisible Information Gathering
 Examples:
 800- or 900-number calls.
 Loyalty cards.
 Web-tracking data; cookies.
 Warranty cards.
 Purchasing records.
 Membership lists.
 Web activity.
 Change-of-address forms.
 GPS
 Cell Phones
 Smart Phones
Using Consumer Information
 Data Mining & Targeted Marketing
 Trading/buying customer lists.
 Telemarketing.
 Data Mining.
 Mass-marketing.
 Web ads.
 Spam (unsolicited e-mail).
 Credit Records
Privacy
What is privacy?
 Freedom from intrusion (being left alone)
 Control of information about oneself
 Freedom from surveillance (being tracked, followed, watched)
Why are some things free?
 If a service does not charge you money, then you are paying in other ways
 Marketing and Advertising
 Privacy
 Facebook has 1 Billion monthly active users
 Revenues for Q2’12: $1.18 Billion, 84% from ads
 Linkedin Marketing Solutions: $63.1 Million
 Twitter uses Promoted Tweets based on you
Consumer Protection
 Costly and disruptive results of errors in databases
 Ease with which personal information leaks out
 Consumers need protection from their own lack of knowledge, judgment, or
interest
 Uses of personal information
 Secondary Use
 Using information for a purpose other than the one for which it was obtained. A few
examples:
 Sale (or trade) of consumer information to other businesses.
 Credit check by a prospective employer.
 Government agency use of consumer database.
Privacy Policies
 Have you seen opt-in and opt-out choices? Where? How were they worded?
 Were any of them deceptive?
 What are some common elements of privacy policies you have read?
Self Regulation
What are the roles of formal laws vs. free operation of the market?
Supporters of self-regulation stress the private sector’s ability to identify and resolve
problems.
Critics argue that incentives for self-regulation are insufficiently compelling and true
deterrence will not be achieved.
Analytics with global data
Privacy Regulations in the European Union (EU):
 Privacy is a fundamental right
 Data Protection Directive
 In Europe, there are strict rules about what companies can and can't do in terms of
collecting, using, disclosing and storing personal information.
 Governments are pushing to make the regulations even stronger.
EU Privacy Laws
 Personal information cannot be collected without consumers’ permission, and
they have the right to review the data and correct inaccuracies.
 Companies that process data must register their activities with the government.
 Employers cannot read workers’ private e-mail.
 Personal information cannot be shared by companies or across borders without
express permission from the data subject.
 Checkout clerks cannot ask for shoppers’ phone numbers.
Data Security
Data Security
Stolen and Lost Data
 Hackers
 Physical theft (laptops, thumb-drives, etc.)
 Requesting information under false pretenses
 Bribery of employees who have access
 Have you heard of Thumbsucking??
Implications for companies
 Furious Constituents
 Negative Publicity
 Tarnished Reputation
 Public Embarrassment
 Investigations
 Lawsuits, Fines and Penalties
 Financial Losses
 Waste of Valuable Resources
Examples
Availability
 Data needs to be available at all necessary times
 Data needs to be available to only the appropriate users
 Need to be able to track who has access to and who has accessed what
data
Authenticity
 Need to ensure that the data has been edited by an authorized source
 Need to confirm that users accessing the system are who they say they are
 Need to verify that all report requests are from authorized users
 Need to verify that any outbound data is going to the expected receiver
Integrity
 Need to verify that any external data has the correct formatting and other
metadata
 Need to verify that all input data is accurate and verifiable
 Need to ensure that data is following the correct work flow rules for your
institution/corporation
 Need to be able to report on all data changes and who authored them to
ensure compliance with corporate rules and privacy laws.
Confidentiality
 Need to ensure that confidential data is only available to correct people
 Need to ensure that entire database is security from external and internal
system breaches
 Need to provide for reporting on who has accessed what data and what
they have done with it
 Mission critical and Legal sensitive data must be highly security at the
potential risk of lost business and litigation
Approaches to Data Security
 Implement Technological Solutions
 Adopt “Soft” IT Security Approaches
 Change the Corporate Culture
 Can you think examples of these practices at Temple or elsewhere
Next steps
 Inclass Exercises