Privacy and Business: Go Beyond Compliance to Competitive Advantage - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
Privacy and Business: Go Beyond Compliance to
Competitive Advantage
  • Ann Cavoukian, Ph.D.
  • Information Privacy Commissioner/Ontario
  • Designing for Privacy: Privacy Fundamentals and
    Competitive Strategies
  • HP Online Privacy Summit
  • December 9, 2004

2
Impetus for Change
  • Growth of Privacy as a Global Issue
  • EU Directive on Data Protection
  • Increasing amounts of personal data collected,
    consolidated, aggregated
  • Consumer backlash; heightened consumer
    expectations

3
Privacy After 9/11
  • Introduction of anti-terrorism statutes
    worldwide
  • U.S. Patriot Act

4
Anti-Terrorism Laws: Why Be Concerned?
  • General Issues
  • Expanded scope of domestic surveillance
  • Lack of justification
  • Weakening Judicial Controls
  • Lack of Oversight

5
Importance of Consumer Trust
  • In the post-9/11 world
  • Consumers are either as concerned or more concerned
    about online privacy
  • Concerns focused on the business use of personal
    information, not new government surveillance
    powers
  • If consumers have confidence in a company's
    privacy practices, consumers are more likely to:
  • Increase volume of business with
    company .... 91%
  • Increase frequency of business .... 90%
  • Stop doing business with company if PI
    misused .... 83%
  • Harris/Westin Poll, Nov. 2001 Feb. 2002

6
Information Privacy Defined
  • Information Privacy: Data Protection
  • Freedom of choice; control; informational
    self-determination
  • Personal control over the collection, use and
    disclosure of any recorded information about an
    identifiable individual

7
What Privacy is Not
  • Security ≠ Privacy

8
Privacy and Security: The Difference
  • Authentication
  • Data Integrity
  • Confidentiality
  • Non-repudiation
  • Privacy: Data Protection
  • Fair Information Practices
  • Security
  • Organizational control of information
    through information systems

9
Fair Information Practices: A Brief History
  • OECD Guidelines on the Protection of Privacy and
    Transborder Flows of Personal Data
  • EU Directive on Data Protection
  • Canada: Personal Information Protection and
    Electronic Documents Act (PIPEDA)
  • US Safe Harbour Agreement
  • Private sector privacy laws in multiple
    jurisdictions

10
OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
  • Collection Limitation Principle
  • Data Quality Principle
  • Purpose Specification Principle
  • Use Limitation Principle
  • Security Safeguards Principle
  • Openness Principle
  • Individual Participation Principle
  • Accountability Principle

11
United States: Safe Harbor Privacy Principles
  • Notice
  • Choice
  • Onward Transfer
  • Security
  • Data Integrity
  • Access
  • Enforcement

12
The Bottom Line
  • Privacy should be viewed as a business issue, not
    a compliance issue

13
The Promise
  • Electronic Commerce projected to reach $220
    billion by 2001 (WTO, 1998)

Estimates revised downward to reflect lower
expectations
  • Electronic Commerce projected to reach $133
    billion by 2004
  • Wharton Forum on E-Commerce, 1999

14
Privacy is Affecting E-Commerce
  • United States: e-commerce sales were only 1.6% of
    total sales -- $54.9 billion in 2003
  • U.S. Dept. of Commerce Census Bureau, February
    2004
  • Canada: Online sales were only 0.6% of total
    revenues -- $13.7 billion in 2002
  • Statistics Canada, April 2003

15
Lack of Privacy = Lack of Sales
  • Consumer privacy apprehensions continue to
    plague the Web. These fears will hold back
    roughly $15 billion in e-commerce revenue.
  • Forrester Research, September 2001
  • Privacy and security concerns could cost online
    sellers almost $25 billion by 2006.
  • Jupiter Research, May 2002

16
ISF Highlights Damage done by Privacy Breaches
  • The Information Security Forum reported that a
    company's privacy breaches can cause major damage
    to brand and reputation
  • 25% of companies surveyed experienced some
    adverse publicity due to privacy
  • 1 in 10 had experienced civil litigation, lost
    business or broken contracts
  • Robust privacy policies and staff training were
    viewed as keys to avoiding privacy problems
  • The Information Security Forum, July 7, 2004

17
How The Public Divides on Privacy
  • The Privacy Dynamic: Battle for the minds of the
    pragmatists
  • Dr. Alan Westin

18
It's All About Trust
  • Trust is more important than ever online. Price
    does not rule the Web.
  • Trust does.
  • Frederick F. Reichheld, Loyalty Rules: How
    Today's Leaders Build Lasting Relationships

19
The High Road
  • When customers DO trust an online vendor, they
    are much more likely to share personal
    information. This information then enables the
    company to form a more intimate relationship with
    its customers.
  • Frederick F. Reichheld, Loyalty Rules: How
    Today's Leaders Build Lasting Relationships

20
Lack of Trust on the Web
  • In 70% of instances where Internet users were
    asked to provide information in order to access
    an online informational resource, those users did
    not pursue the resource because they thought
    their privacy would be compromised.
  • Narrowline Study, 1997

21
Trust and Privacy Policies
  • Fully 50% of online users said they would leave a
    Web site if they were unhappy with a company's
    privacy policy.
  • Customer Respect Group, February 2004 survey

22
Privacy and Customers
  • The 1:1 enterprise, operating in an interactive
    environment, relies not just on information about
    customers, but on information from them.
  • It is absolutely imperative for the 1:1
    enterprise to take into account the issue of
    protecting individual customer privacy.
  • Enterprise One to One: Tools for Competing in the
    Interactive Age, Don Peppers and Martha
    Rogers, Ph.D.

23
Permission-Based Marketing: The Personal Touch
  • Essential premise: persuade consumers
    to volunteer their attention
  • Puts control in the hands of consumers
  • Makes consumers active recipients of marketing
    information
  • Permission marketing is just like dating.
  • Seth Godin

24
Privacy and CRM
  • Incorporating Privacy into Marketing and Customer
    Relationship Management
  • Paper released in May, 2004
  • The result of a novel partnership between
    the Canadian Marketing Association and the IPC
  • CRM and marketing must include privacy to be
    fully successful

25
Hot Topics: RFIDs
  • Products are embedded with an RFID tag, which
    includes a microchip and tiny radio antenna
  • The microchip may contain data about the product
    (e.g., price, size, colour, manufacture date,
    etc.)
  • Cases and pallets of products may also include
    their own RFID tags

26
Privacy and RFIDs
  • RFID tags contain information about a product,
    not an individual
  • Consumers perceive that RFIDs may facilitate:
  • The merger and linking of product information and
    personal information without consent
  • The ability to track consumers who have purchased
    a product
  • The establishment of a widespread surveillance
    infrastructure

27
Implementing RFIDs
  • A failure to build privacy into the design and
    implementation of RFIDs can produce a consumer
    backlash
  • This can have an adverse impact on a company's
    reputation and affect the bottom line

28
Hot Topics: Digital Entertainment
  • TiVo gives viewers the ability to pause live
    television, record shows by name, and watch
    programs according to their own schedule
  • Real Networks Jukebox
  • Windows Media Player

29
Privacy Issues
  • Ability to track users' viewing, listening habits
    and preferences
  • Data can be matched with customer data and
    lifestyle data disclosed directly or indirectly
    by the customer or obtained from other 3rd
    parties
  • Disclosures to 3rd parties

30
Addressing Privacy Issues
  • Changes to user preferences (to provide more
    control over information)
  • More privacy protective software default settings
  • More robust notice mechanisms
  • Greater use of opt-in consent
  • Less use of unique identifiers
  • Changes to back-end IM/IT information-handling
    processes

31
Hot Topics: Workplace Privacy
  • In the new millennium, surveillance seems to be
    becoming an increasingly inescapable feature of
    life
  • Technological innovation has made surveillance
    easier, more affordable, and less visible than
    ever before

32
Why Employers Pry
  • Suspicion of Theft
  • Suspicion of Drug/Alcohol Abuse
  • Workplace Discrimination, Abuse
  • Interpret Employee Turnover
  • Poor Work Performance
  • Employee Misconduct
  • Negligent Hiring Liability
  • Unauthorized use of property

33
How Employers Pry
  • There are many monitoring tools available,
    including:
  • Key stroke monitoring software
  • Web surfing
  • E-mail
  • Video
  • Telephone

34
Evidence of Adverse Impact
  • 2004 report on The Future Role of Trust in Work
    released by the London School of Economics and
    Political Science (LSE) collated research from 15
    major field studies done around the world over
    the last three years.
  • Reveals that managers are using technologies such
    as e-mail, mobile phones and Short Messaging
    Service to keep tabs on employees when in
    actuality they are reducing workers' productivity
    and the amount of time that they spend serving
    customers.

35
Hot Topics: Growth of Biometrics
  • U.S. Border Security Enhancement Act
  • International Civil Aviation Organization
    approved facial recognition for travel documents
  • EU to implement biometrics in passports and visas
  • CANPASS and INSPASS programs
  • AAMVA Unique Identifier Working Group

36
The Myth of Accuracy
  • The problem with large databases containing
    thousands (or millions) of biometric templates
  • False positives
  • False negatives

37
Biometric Applications
  • Identification
  • one-to-many comparison
  • Authentication
  • one-to-one comparison

38
CIBC Privacy Breach
  • West Virginia scrap yard operator alleges that
    since 2001, his telephone system has been deluged
    with confidential CIBC customer data (e.g. SSN,
    account no., client signature)
  • Toll-free number was one digit different from an
    internal bank fax number
  • Filed a lawsuit against CIBC claiming his
    business was ruined
  • CIBC filed a court action accusing him of
    deliberately leaking customer data

39
CIBC Privacy Breach (cont'd)
  • Bank acknowledges reports of the misdirected
    faxes dating back to February 2002
  • An e-mail message was sent to staff to check
    their fax machines
  • The matter was not otherwise investigated or
    escalated to senior levels
  • CIBC issued a formal apology and took remedial
    action (e.g. notification of individuals; fax
    number taken out of service)
  • Federal Privacy Commissioner investigating

40
IPC's Privacy Crisis Management Protocol
  • It is critical to have procedures to immediately
    address privacy breaches, starting with these
    important steps:
  • Containment
  • Identify the scope of the breach and contain it.
  • Notification
  • Notify individuals whose privacy was breached
  • Other action
  • Appropriate staff notified immediately; internal
    investigation; address systemic issues

41
Final Thought

Anyone today who thinks the privacy issue has
peaked is greatly mistaken -- we are in the early
stages of a sweeping change in attitudes that
will fuel political battles and put once-routine
business practices under the microscope.
Forrester Research, March 5, 2001

42
How to Contact Us
  • Commissioner Ann Cavoukian
  • Information Privacy Commissioner/Ontario
  • 2 Bloor Street East, Suite 1400
  • Toronto, Ontario M4W 1A8
  • Phone (416) 326-3333
  • Web www.ipc.on.ca
  • E-mail commissioner_at_ipc.on.ca