Download Data Privacy and Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts

Web analytics wikipedia, lookup

Transcript
Data Privacy and Security
Prof Sunil Wattal
Consumer Analytics
 Analytics with consumer data to derive
meaningful insights on actions and behaviors of
consumers
 Generally with the intention to offer products
and services in a targeted manner.
What could be wrong with that:
 Target
 Doubleclick
 Facebook Beacon
 The dark side of data analytics
 List instances of information about you
being collected and stored
Invisible Information Gathering
 Examples:
 800- or 900-number calls.
 Loyalty cards.
 Web-tracking data; cookies.
 Warranty cards.
 Purchasing records.
 Membership lists.
 Web activity.
 Change-of-address forms.
 GPS
 Cell Phones
 Smart Phones
Using Consumer Information
 Data Mining & Targeted Marketing
 Trading/buying customer lists.
 Telemarketing.
 Data Mining.
 Mass-marketing.
 Web ads.
 Spam (unsolicited e-mail).
 Credit Records
Privacy
What is privacy?
 Freedom from intrusion (being left alone)
 Control of information about oneself
 Freedom from surveillance (being tracked, followed, watched)
Why are some things free?
 If a service does not charge you money, then you are paying in other ways
 Marketing and Advertising
 Privacy
 Facebook has 1 Billion monthly active users
 Revenues for Q2’12: $1.18 Billion, 84% from ads
 Linkedin Marketing Solutions: $63.1 Million
 Twitter uses Promoted Tweets based on you
Consumer Protection
 Costly and disruptive results of errors in databases
 Ease with which personal information leaks out
 Consumers need protection from their own lack of knowledge, judgment, or
interest
 Uses of personal information
 Secondary Use
 Using information for a purpose other than the one for which it was obtained. A few
examples:
 Sale (or trade) of consumer information to other businesses.
 Credit check by a prospective employer.
 Government agency use of consumer database.
Privacy Policies
 Have you seen opt-in and opt-out choices? Where? How were they worded?
 Were any of them deceptive?
 What are some common elements of privacy policies you have read?
Self Regulation
What are the roles of formal laws vs. free operation of the market?
Supporters of self-regulation stress the private sector’s ability to identify and resolve
problems.
Critics argue that incentives for self-regulation are insufficiently compelling and true
deterrence will not be achieved.
Analytics with global data
Privacy Regulations in the European Union (EU):
 Privacy is a fundamental right
 Data Protection Directive
 In Europe, there are strict rules about what companies can and can't do in terms of
collecting, using, disclosing and storing personal information.
 Governments are pushing to make the regulations even stronger.
EU Privacy Laws
 Personal information cannot be collected without consumers’ permission, and
they have the right to review the data and correct inaccuracies.
 Companies that process data must register their activities with the government.
 Employers cannot read workers’ private e-mail.
 Personal information cannot be shared by companies or across borders without
express permission from the data subject.
 Checkout clerks cannot ask for shoppers’ phone numbers.
Data Security
Data Security
Stolen and Lost Data
 Hackers
 Physical theft (laptops, thumb-drives, etc.)
 Requesting information under false pretenses
 Bribery of employees who have access
 Have you heard of Thumbsucking??
Implications for companies
 Furious Constituents
 Negative Publicity
 Tarnished Reputation
 Public Embarrassment
 Investigations
 Lawsuits, Fines and Penalties
 Financial Losses
 Waste of Valuable Resources
Examples
Availability
 Data needs to be available at all necessary times
 Data needs to be available to only the appropriate users
 Need to be able to track who has access to and who has accessed what
data
Authenticity
 Need to ensure that the data has been edited by an authorized source
 Need to confirm that users accessing the system are who they say they are
 Need to verify that all report requests are from authorized users
 Need to verify that any outbound data is going to the expected receiver
Integrity
 Need to verify that any external data has the correct formatting and other
metadata
 Need to verify that all input data is accurate and verifiable
 Need to ensure that data is following the correct work flow rules for your
institution/corporation
 Need to be able to report on all data changes and who authored them to
ensure compliance with corporate rules and privacy laws.
Confidentiality
 Need to ensure that confidential data is only available to correct people
 Need to ensure that entire database is security from external and internal
system breaches
 Need to provide for reporting on who has accessed what data and what
they have done with it
 Mission critical and Legal sensitive data must be highly security at the
potential risk of lost business and litigation
Approaches to Data Security
 Implement Technological Solutions
 Adopt “Soft” IT Security Approaches
 Change the Corporate Culture
 Can you think examples of these practices at Temple or elsewhere
Next steps
 Inclass Exercises