Posts Tagged ‘pii2011’

PII 2011: Personal Identity Management

November 15th, 2011
Comments Off

Forrester analyst Fatemeh Khatibloo asked if people had made available their report Making Leaders Successful Every Day. Report is available from Personal. She talks about car buying process as an example: start with personal RFP-type offer, receive offers that are customized to our concerns. Our interactions with dealers lead to purchase of a car. (Related: see ISWG’s Car Buying Engagement Model.)

Five key concepts that brands and companies need to do to engage:

  1. Respect my data, respect me
  2. Security of infrastructure, governance
  3. Transparency
  4. Data portability
  5. Economy, including penalties for bad behavior

Why is this coming? Consumers are fed up (breaches), but want relevance, convenience and value. Gigya study on single sign-on says many people use social sites for logins.

What should marketers & brands be thinking about: Rewrite your privacy policies to be understood. Create an organization-wide data governance policy. Install a data steward to liase between org and consumers (distinct from IT Privacy officer). Start working towards true data portability.

In future, Forrester is looking at redefining personal data, trust frameworks, how VCs look at this industry, etc.

records, tools , , , , , ,

PII 2011: Startup Spotlight: OneId

November 15th, 2011
Comments Off

PII 2011: Startup Spotlight: Disconnect

November 15th, 2011
Comments Off

Brian Kennish and Casey Oppenheim of Disconnect on this session. They’re a privacy start-up making simple tools to help manage data. Brian worked at DoubleClick, Google. Casey worked as (criminal?) investigator in Manhattan, lawyer about privacy. History of company: article on Facebook leaking vast private data store. Created a browser plug-in expecting small group, ended up with many users in 2 weeks. Study about how much data social networking companies collect (lots! wow.). Same thing with ad companies: “anonymous” may not be so. (Note: look for Brian’s talk at DefCon)

Browser extension: disables 3rd party tracking, depersonalizes your searches, shows blocked services & cookies, easily unblock services. Privacy icons project: four icons that represent various privacy policies.

Revenue model: pending, in the works, users may monetize their own data.

How do we know, how do we understand what’s in these TOS agreements? Hoping to crowd source various policy statements. At some point, icons will be displayed in browsers. When users understand what’s happening with their data, they’re more interested in privacy.


records, tools , , , , , ,

PII 2011: Making Privacy Portable

November 15th, 2011
Comments Off

Larry Downes moderating panel with Chris Babel, TRUSTe, Jim Brock, PrivacyChoice, and Chris Kelly, Kelly Investments. Jim: PrivacyChoice’s mission is to make privacy easier: managing online, templates, partners & their APIs. We’re bootstrapped right now. Chris B: TRUSTe: privacy services have evolved into advertising, mobile and cloud spaces. Was non-profit but 2.5 years ago we went for-profit. Chris K: companies with data components of user behavior, concerns with venture model.

Larry: privacy was a cost (or risk) of doing business, now we’re looking at empowering users in a way that generates profits. Anecdotal experience in making privacy profitable, and what we learned? Jim: customers have been coming to us (on business side) with a compliance model, wanting to see uplift in their site with TRUSTe seal. Customers have concerns, their seal helps address that. Chris B: space between customer needs and marketing efforts. “Profile Choice” allows real-time bidding on aggregate-able info, didn’t find the right mix at that time. Chris K: misunderstandings between what companies are trying to do and what customers believe they’re doing. Using data for ad targeting within a company privacy policy. Beacon became Facebook Connect.

Larry: Beacon, and Google Buzz, had unsuccessful launch: unclear purpose (benefits), generating FTC complaints. Is there something about the launch of a product or service that makes it more dangerous or risky than other times? Jim: use of large datasets are prone to claims of changing the rules. If you’re working in areas that weren’t contemplated, that can be confusing, need to think about how to advance sharing practices. Navigating these waters is extraordinarily difficult. Jim: any future change may be viewed as a breach of privacy, unexpected changes (lack of or poor communications, offer choices, does company honor user choices, no accountability). Chris K: FTC, government isn’t in a good position to deal on this level but you don’t want to attract their attention.

Larry: sources of funding? Chris: question is no longer is privacy big enough, now it’s what are the top level matters? Investment community–advertising (every $ spent wants to be more targetted). Jim: process in ad targeting space, global, and how little is online: ad people are demanding more information about who’s receiving their ads.

Larry: about your not taking public investments? Jim: happy accident.

Chris K: Forensics for providing choice or for analytics/response: there are techniques, can take better control over this as web providers to help users. Data flow as arms business: companies that need to control what’s happening on their site or people who want to offer services to consumers. Chris B: targeted ads now more transparent. Balance against malware, cookies and their sources that feels more like security.

Larry: FTC’s interest in these issues, pending legislation in Congress–how does possibility of regulations affect climate for investment? Chris K: uncertainty is a cloud, straightforward means of regulation can move industry forward. But interim finger-pointing, lobbying gaming, are problems. Likes EU model, but we’re moving away from that. Chris B: gov is crowdsourcing communities, online advertising and ad space initiatives are trying to be more self-regulating. Still uncertain, industry groups and co-regulation being brought up and talked about. Chris K: Congress is a giant consumer of these targeting services. Behavioral targeting seems to be settling. Larry: what if a new regulation passes that takes a business model out or forces… Chris K: legislation takes time to effect.

Questions. Did people that saw the TRUSTe seal click on the seal or just go with it? Chris: clicks were low, most people recognize seal as an envelope.  What are people choosing? (site can collect, store, use for ad targeting, give to 3rd parties) Chris K: policy should say. We can’t make sure people read the policy. Do I have a right not to have data collected? Ends up as different perspectives from people vs industry, investment (collect data).

future, records, tools , , , , , , , , , , , , ,

PII 2011: Mapping the PII Market: Players, Regulators, Stakeholders

November 15th, 2011
Comments Off

Session with Terence Craig and Mary Ludloff, PatternBuilders. Terence: their book is Privacy and Big Data (O’Reilly).

Things have changed in privacy and personal information. PII-driven business models (later). Data collectors are the engine: giants like Google, Facebook, Twitter, also organizations and agencies like Florida DMV (sold data to LexisNexus), also mom & pop operations. What makes information valuable? Your health and wealth, the networking you do, the Internet of things (you). What role to the aggregators play: markets for buying and selling data. Uses are infinite: research, monitoring, predictive modeling, advertising…

PII-driven business models:

  • Platform plays (SAS, Hadoop, Revolution, Microsoft’s SharingInsight, CouchDB, etc.) – where everything is phoning home all the time.
  • Social plays: LinkedIn, Facebook, Google Plus and Foursquare, but mobile is not this change. Also KISSmetrics, Klout, Zinga, hootsuite, radian6.
  • Goverment plays: TSA and NSA, FBI, IRS, can buy from Facebook, Palantir (DOD).
  • Privacy plays: SafetyWeb,, TRUSTe, Singly, also Intellilight (in Detroit, attached to street lights where if there are a couple of people are there it turns audio mike and calls police), Spokeo, Datong
  • Everyone plays: not just about advertising, many industries and business models benefit.

Implications for all PII players: privacy expectations, regulatory adherence (global), transparency (toward customers), crisis management. Privacy concerns are growing with consumers. Government is signalling that concern with new legislation. Companies must invest in this area, including training and certification.

Regulations: it’s confusing and will get more so. US: >30 federal states, >100 state regs for data security privacy. EU, pending legislation adds more. Bottom line; you’re going to need help here. Be transparent, be explicit about what you can’t provide. Use opt-in data options only.

Crisis management: when things to wrong, know how you are going to deal with them. Get a team and process in place. It’s about staying with the story if you can (used to be getting ahead of the story, now stay with). How to avoid a train wreck: be transparent, think global, be ready for breaches, behave as if you were worth your customers’ trust.

Question: opt-in: don’t short the short-term: be transparent. Opt in is a good way for customers to choose, is sticky.

future, history, records, tools , , , , , , , , ,