Más contenido relacionado

Similar a eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over Compliant(20)


Más de Aurélie Pols(20)


eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over Compliant

  1. From Über Creepy to Over Compliant Managing your (Digital) Analy:cs Assets October 30th 2014 eMetrics Summit London Aurélie Pols @aureliepols
  2. Aurélie Pols Chief Visionary Officer & co-­‐founder Mind Your Privacy @aureliepols Presented by: Aurélie Pols @AureliePols • Grew up in the Netherlands, Dutch passport • French mother tongue • Most of my friends are bilingual at least • Have Polish & Russian origins • Co-­‐founded 1st start-­‐up in Belgium in 2003 • Sold it to Digitas LBi (Publicis) UK in 2008 • Moved to Spain in 2009 • Created 2 other start-­‐ups in Spain in 2012 Mind Your Group, Pu#ng Your Data to Work Mind Your Privacy, Data Science Protected Yes, a “law firm” but we prefer to say a bunch of Data Scien/sts working with a bunch of Lawyers
  3. Call me a bore, I’ve been listening to the helicopters coming, while humming Wagner’s Ride of the Valkyries
  4. Addi:onal scare tac:cs REMEMBER TARGET? Presented by: Aurélie Pols @AureliePols
  5. Meet Beth and Greg December 19 Presented by: Aurélie Pols @AureliePols 2013: 40 million credit & debit card accounts breached January 10 2014: personal data of 70 million customers hacked March 05 2014: Beth Jacobs, Target CIO since 2008, RESIGNS May 05 2014: Gregg Steinhafel, Target CEO, 35-­‐year company veteran, RESIGNS
  6. Target today February 2014 May 15 2014 Presented by: Aurélie Pols @AureliePols
  7. How many lawsuits is Target facing? Presented by: Aurélie Pols @AureliePols
  8. 140 29 from banks & credit unions Totaling $761 million And then I stopped coun:ng Presented by: Aurélie Pols @AureliePols
  9. Unsinkable? How many lifeboats will you trade for lives? Presented by: Aurélie Pols @AureliePols
  10. How about creepiness vs. analyTcs? Cloud tools fines & warnings Oi, Brazilian Telco & Phorm France Telecom & email campaign tool Presented by: Aurélie Pols @AureliePols
  11. A cat dies EVERY TIME YOU USE THE ACRONYM PII Presented by: David Hollender @DavidHollender
  12. So what is considered PII? Personal InformaTon Presented by: Aurélie Pols @AureliePols (based on the definiTon commonly used by most US states) i Name, such as full name, maiden name, mother‘s maiden name, or alias ii Personal iden:fica:on number, such as social security number (SSN), passport number, driver‘s license number, account and credit card number iii Address informa:on, such as street address or email address iv Asset informa:on, such as Internet Protocol (IP) or Media Access Control (MAC) v Telephone numbers, including mobile, business, and personal numbers. Informa:on iden:fying personally owned property, such as vehicle registra:on number or :tle number and related informa:on Source: information based on current ongoing analysis (partial results)
  13. If you collect PII… then Presented by: Aurélie Pols @AureliePols US & UK EU APEC Common Law Con:nental Law Con:nental law influenced Class ac:ons Fines (by DPAs: Data Protec:on Agencies) Privacy Personal Data Protec:on (PDP) Business focused Ci:zen focused Patchwork of sector Over-­‐arching EU Direc:ves & based legislaTons: Regula:ons HIPPA, COPPA, VPPA, … PII: varies per state Risk levels: low, medium, high, extremely high
  14. Data has become a valuable asset DATA IS A RISK BECAUSE IT EXISTS Presented by: Aurélie Pols @AureliePols
  15. Where to start? Compliance? Privacy? Security? Presented by: Aurélie Pols @AureliePols Moving targets
  16. The “Magnum” Plan • Document Presented by: Aurélie Pols @AureliePols your data set-­‐up • Set-­‐up a compliance check-­‐list: – Applicable legisla:ons to your sector – Territorial scope • Evaluate your risk • Follow-­‐up with informa:on security measures (data protec:on) • Adopt global & sustainable Privacy best prac:ces
  17. 5 ONLINE MARKETING RULES TO RESPECT CONSUMER’S PRIVACY Presented by: Aurélie Pols @AureliePols
  18. 5 Online MarkeTng rules to respect consumer's privacy 1. Say what you do and do what you say 2. Harness your data liability 3. Foster data frugality & documenta:on Agile is the ‘mot du jour’ 4. Cherish the human aspect of data protec:on 5. Dialogue and find common ground Presented by: Aurélie Pols @AureliePols
  19. 1. Say what you Do & Do what you Say Privacy policies statements: • Publicly Presented by: Aurélie Pols @AureliePols available documents • Date stamp: less than 1 year old • Implies processes: – Eg. “we don’t collect data of minors” => COPPA – Dele:on & anonymiza:on – Bankruptcy or M&A data transfers • Apributes responsibility:
  20. Presented by: Aurélie Pols @AureliePols Entreprise goal User goals Privacy Policy Requirements Privacy Mechanisms Procedures & Processes Privacy Awareness Training Quality Assurance Quality Assurance Feedback
  21. Yelp said that only about 0.02 percent of users who actually completed the registra:on process during the :me period provided an underage birth rate, “and we have good reason to believe that many of them were actually adults.” The company had an average of about 138 million unique visitors in Q2 of 2014. Cost? above 16$/monthly unique … Source: hpp://­‐seples-­‐us-­‐uc-­‐charges-­‐of-­‐viola:ng-­‐child-­‐privacy.html Presented by: Aurélie Pols @AureliePols
  22. 2. Harness data liability Across data plavorms & flows – Understand Presented by: Aurélie Pols @AureliePols Terms & Condi:ons – Sovereign:es/legal jurisdic:ons: Safe Harbor and Binding Corporate Rules (BCRs) – Access! Ø Tool vexng Ø Agency vexng
  23. Responsibility of analyTcs agency? Informa:on Security & Compliance: Follow the Data ü Define the tools ü Grant accesses ü Data collec:on & data lifecycle ü Data sharing & data flows Ø Ouen a Presented by: Aurélie Pols @AureliePols weak link
  24. Who has access? Source: Privacy Green seal, specific audit for analy:cs tools & data agencies Presented by: Aurélie Pols @AureliePols
  25. 3. Foster data frugality & documentaTon Agile is the mot du jour, also for data collecTon Old adage: “let’s Presented by: Aurélie Pols @AureliePols collect everything, just in case” New adage: cherry pick the data for which the following must be held true: 1. Without X data apribute, I cannot do Y legi:mate task and need no less than X to do Y 2. Addi:onally collec:ng data point Z will not jeopardize my ini:al data collec:on purpose
  26. Agile ways of working with Purpose and Consent Use meta-­‐data to classify data fields and groups to – Iden:fy Presented by: Aurélie Pols @AureliePols data fields containing PII/personal data, (ad) collec:on source, use and disclosure/sharing; – Iden:fy data fields/groups and their storage that need consent; – Iden:fy data fields that may need correc:on by individuals; – Iden:fy data fields that may need de-­‐ iden:fica:on, anonymiza:on or dele:on.
  27. 4. Cherish HR in Data ProtecTon Human error causes most data breaches Presented by: Aurélie Pols @AureliePols
  28. Presented by: Aurélie Pols @AureliePols Entreprise goal User goals Privacy Policy Requirements Privacy Mechanisms Procedures & Processes Privacy Awareness Training Quality Assurance And escalaTon procedures to akribute responsibility Should we do this analysis?
  29. Security (technical) Presented by: Aurélie Pols @AureliePols Data CollecTon Processes Resources security
  30. Purpose, Consent & Data Uses From: Presented by: Aurélie Pols @AureliePols Purpose Consent FIPPs Data for approved use Purpose Consent New business opportunity Data analysis FIPPs or merging To:
  31. 5. Dialogue & common ground Trust and Creepiness: Consent is about a reasonable expectaTon of the use of data There’s a fine line between: – Feeling Presented by: Aurélie Pols @AureliePols charmed – Feeling invaded Create win-­‐win situa:ons: – Customers give company informa:on – Customers get beper service/value for money
  32. Creepy? Presented by: Aurélie Pols @AureliePols For some. Risk to the business?
  33. Interac:ve discussion SHOULD YOU MEASURE WHEN LOGGED OUT? Presented by: Aurélie Pols @AureliePols
  34. Discussion topics • The Presented by: Aurélie Pols @AureliePols context: which kind of applica:on? sector? • The actors: end client, analy:cs agency/ies, tools • The customer expecta:on: mainly focusing on why a customer logs out • The risk and poten:al liability • Minimum requirements to lower risk
  35. THANKS For coming