Forrester analyst Fatemeh Khatibloo asked if people had made available their report Making Leaders Successful Every Day. Report is available from Personal. She talks about car buying process as an example: start with personal RFP-type offer, receive offers that are customized to our concerns. Our interactions with dealers lead to purchase of a car. (Related: see ISWG’s Car Buying Engagement Model.)
Five key concepts that brands and companies need to do to engage:
Respect my data, respect me
Security of infrastructure, governance
Economy, including penalties for bad behavior
Why is this coming? Consumers are fed up (breaches), but want relevance, convenience and value. Gigya study on single sign-on says many people use social sites for logins.
What should marketers & brands be thinking about: Rewrite your privacy policies to be understood. Create an organization-wide data governance policy. Install a data steward to liase between org and consumers (distinct from IT Privacy officer). Start working towards true data portability.
In future, Forrester is looking at redefining personal data, trust frameworks, how VCs look at this industry, etc.
Session with Terence Craig and Mary Ludloff, PatternBuilders. Terence: their book is Privacy and Big Data (O’Reilly).
Things have changed in privacy and personal information. PII-driven business models (later). Data collectors are the engine: giants like Google, Facebook, Twitter, also organizations and agencies like Florida DMV (sold data to LexisNexus), also mom & pop operations. What makes information valuable? Your health and wealth, the networking you do, the Internet of things (you). What role to the aggregators play: markets for buying and selling data. Uses are infinite: research, monitoring, predictive modeling, advertising…
PII-driven business models:
Platform plays (SAS, Hadoop, Revolution, Microsoft’s SharingInsight, CouchDB, etc.) – where everything is phoning home all the time.
Social plays: LinkedIn, Facebook, Google Plus and Foursquare, but mobile is not this change. Also KISSmetrics, Klout, Zinga, hootsuite, radian6.
Goverment plays: TSA and NSA, FBI, IRS, can buy from Facebook, Palantir (DOD).
Privacy plays: SafetyWeb, reputation.com, TRUSTe, Singly, also Intellilight (in Detroit, attached to street lights where if there are a couple of people are there it turns audio mike and calls police), Spokeo, Datong
Everyone plays: not just about advertising, many industries and business models benefit.
Implications for all PII players: privacy expectations, regulatory adherence (global), transparency (toward customers), crisis management. Privacy concerns are growing with consumers. Government is signalling that concern with new legislation. Companies must invest in this area, including training and certification.
Regulations: it’s confusing and will get more so. US: >30 federal states, >100 state regs for data security privacy. EU, pending legislation adds more. Bottom line; you’re going to need help here. Be transparent, be explicit about what you can’t provide. Use opt-in data options only.
Crisis management: when things to wrong, know how you are going to deal with them. Get a team and process in place. It’s about staying with the story if you can (used to be getting ahead of the story, now stay with). How to avoid a train wreck: be transparent, think global, be ready for breaches, behave as if you were worth your customers’ trust.
Question: opt-in: don’t short the short-term: be transparent. Opt in is a good way for customers to choose, is sticky.
Danah Boyd is an insightful researcher. She just wrote a post called “Real Names” Policies Are an Abuse of Power in which she takes Google to task for their changing policies and rather abrupt practice of kicking people off of Google Plus. I agree that being arbitrary is an abuse of power when it affects people so strongly (disabling an account removes the use of all services, not just Google Plus). However, there are two kinds of power: shared, and proprietary.
Google, along with Facebook, Twitter, and in fact nearly all Internet-based services (Amazon, eBay, your Internet service provider, etc.), are proprietary. These services are run by companies that:
are private or beholden to shareholders (their “business model”),
have one-sided Terms of Service and Policy documents that users are required to agree to, and
are based on the selective delivery of their user base to their customers (usually advertisers).
A striking characteristic of these businesses is that they have a practice of reducing things to black and white. Our chosen (registered) name “is” or “is not” really us. See Doc’s post A Sense of Bewronging for more thought on this. In a simplified (business) sense, it is an abuse of social power to declare that many of us are not who we say we are, even if we’re known to many others by our chosen registered name.
Contrast this with a shared power model, like a commons, or services that are implemented according to open standards. The underlying Internet protocols (the apache web server, sendmail, TCP/IP, etc.) are not owned by anyone, everybody can use them, and anybody can improve them. These resources are shared—no terms of service is required to use the Internet or email with any device you choose, with any compatible software, from any location that has access. “Commons” is where you can be who you are, no matter what name you go by.
Coaching moment: This may be a non-issue for some. I have friends that use their name to create a “brand” for themselves—so people will recognize them everywhere, and know what they’re about. However, that’s not an option for people in sensitive situations. Think of it this way: Everyone has a moment when they choose not to disclose some bit of information to the world. Sometimes it’s a name. That’s not a bad thing, and it should be a choice.
1. Mobile identity always has been and will continue to be the biggest game in town. Each year nearly 5 billion smart card technology subscriber identity modules are sold. And as smart phones grow in sophistication and as a result occupy an increasing percentage of user screen time they will become the most important area in the identity marketplace.
2. None of the Facebook, Google, OpenID, triad will actually manage to issue trusted identities in 2011 and consumers will continue to fail to realize they are the product and not the customer for these and many other identity providers.
7. The User Managed Access work of the Kantara Initiative will gain support as it addresses the overarching requirement of the need for user control of personal information in the era of shared infrastructure.
9. Consumers will demand the adoption and benefits of commercial off-the-shelf application software to provide privacy and identity protection of data at rest and in motion via encryption and secure channels in their day to day communications with banks, health care organizations, and other organizations even in those states where it is not mandated.
11. Identity theft and fraud will continue to grow and be subsidized by consumers via premiums, user fees and interest rates without the mandate for strong interoperable identities. And while the National Strategy for Trusted Identities will talk the talk it remains to be seen if it can walk the walk.
Coaching moment: As passive customers of digital services, we are prone to greater influence and manipulation by the system, for the benefits of the system and not for ourselves. If we wish to empower ourselves–and the commercial marketplace generally–with better and more trustworthy practices, we will need to be active and even vocal supporters of the alternatives that lead us in that preferred direction. This isn’t as scary as it might seem. It just means making certain choices more mindfully, more aware of the cost of “free.”
I like to think about ways to customize my world, and the digital world writ large, in ways that support and help us explore our unique selves. It is in our very diversity that individual strengths can play out to become our personal best, to help each other grow, and create fertile new worlds.
This indiscriminate personal data hoarding is both an individual and a societal problem. Schmidt’s argument that we shouldn’t have anything to hide is specious (not to mention a double standard: it doesn’t apply to Schmidt). In a 2007 paper called ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy, George Washington University Law School’s Daniel J. Solove convincingly critiques that argument. Indeed we have many things to hide, like our passwords and credit card numbers, certain personal habits and preferences, things that contribute to human dignity and respect. As noted security expert Bruce Schneier writes in his essay The Eternal Value of Privacy, “Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control.”
I’m looking for examples of sites that encourage liberty and demonstrate some respect for its users/clients. I will be reporting on what I find. If you have suggestions, I welcome them.
Coaching moment: Here’s a little thought exercise. Think about a typical day in your life.
What kind of things do you do in private? These might be taking a shower, brushing your teeth, thinking about the day. Some things might be really private as in just you by yourself, and other things may be private in some context, like thinking about your day out loud with your spouse or partner. Once you get a good list, which of those things would make you uncomfortable if they were made public in some way?
Now think of the kind of things you do in public, like driving to work or the store, walking around, having a conversation over lunch. Think about stories that might be told about you from the perspective of not knowing what you were really doing. You might take clues from signs that you walk by, or maybe other people (posture, groupings, facial expressions). Can you think of any stories that are not only wrong but might hurt you?
Finally, think about your online tools. Have you actually looked at the Terms of Service or Privacy Policies that you’re agreeing to? If you knew they were disrespectful to you or even abusive of your personal self and liberty, would you stop using them? Since the answer is “probably not,” what would you suggest these companies change?