Tag Archives: Personally identifiable information

Big Data and Privacy: The Legal Landscape Affecting Corporate Research by Shannon Harmon, JHC #CRC2014 #MRX

CRC_brochure2013Live blogging from the Corporate Researchers Conference in Chicago. Any errors or bad jokes are my own.

Big Data & Privacy: The Legal Landscape Affecting Corporate Research by Shannon Harmon, JHC

  • our lives are a series of data points
  • more opportunity vulnerability and the potential for greater abuse
  • smaller entity might purchase data from 3rd party
  • who owns the data, who has the right to access the data, what steps are taken to keep it secure
  • goal of any regulation is to protect personally identifiable information form breach and misuse
  • you can identify people with very little information so keep in mind a lot of information is PII
  • Notice and consent: need to provide notice of how the data will be used, and then obtain consent – this is the core of the law related to privacy, you need to make sure the right practices were followed to do this
  • Where do we look for oversight? Right now, state attorney general, FTC, FCC, FDA
  • Fair information practice principle – only collect what you need to collect and only retain it for as long as is necessary to fulfill the specified purpose
  • FIPP – data quality and integrity – organizations should ensure that the PII is accurate, relevant, timely and complete and this is difficult if you’ve purchased the data, supplier should have a structure in place to ensure this
  • Consumer privacy protection bill of rights – google search this – things corporations should do to protect privacy, this area will become increasingly more regulated so think ahead
  • Fair Credit Reporting Act – example of what big data protection framework should look like, right to review your credit report and make sure it’s accurate and get it fixed if it’s not correct, this is where we’re headed, your digital dossier is being collected and you don’t know how decisions about you are being made, you can’t contest your big data points… right now
  • special considerations for health data – apple has stated that any app developers cannot use any of the health data for advertising, or data-mining except to help an individual manage their health or for medical research. but is apple responsible for developer compliance? what if a data broker got the data from someone who wasn’t supposed to have it in the first place?
  • considerations for researchers
    • where is the data being obtained, what are the sources
    • what practices are being used to obtain it and what is your confidence in your aggregator
    • how is the data being trained to arrive at conclusions? what algorithms? what human manipulation?
    • think about the vendor/subcontractor relationship, is the contractor independent? a substandard contractor impacts you
  • we need
    • use restrictions – can’t use big data to discriminate on age, race, etc
    • oversight – protect against unregulated digital dossiers
  • KNOW YOUR INFORMATION SOURCE
  • be intimately knowledgeable about your company’s data gathering practices – informed consent, opt-out, internal user access controls
  • be ready to evolve as the law is only beginning to be developed in this area

Advertisements

Canadian Senate: Boring mumbo jumbo or fascinating privacy discussions? #MRX

Bumped to first class!

Bumped to first class!

On my way to prep for our Senate meeting

On my way to prep for our Senate meeting

Today, I was pleased and, more correctly, honoured to appear before a Senate Committee to speak with Kara Mitchelmore, the CEO of the MRIA, regarding Senate Bill S-4, the Digital Privacy Act. The official opinion will shortly be available but for those of you who can’t wait, here is the basic gist of it. Any inaccuracies here are my own. 1) Breach notifications should be mandatory, and the Privacy Commissioner should be the unbiased third party that determines what is a real risk of significant harm to an individual. 2) The MRIA supports the provisions in the bill which add clarity to what is valid consent. The committee may be interested in our code of conduct which contains a section on the ethical issues in dealing with children and young people. 3) The MRIA is pleased that PIPEDA will be amended to allow the transfer of personal information from an organization to a prospective purchaser or business partner (think mergers and acquisitions). 4) The MRIA does not support allowing organizations to share personal information of individuals to other organizations without consent. It should follow due process such as through a court order.

Senate Committee agenda

Senate Committee agenda

5) The MRIA would like to close a loophole which allowed organizations to share personal information without consent to an investigative body or government institution. It should follow due process such as through a court order. After we spoke, Michael Geist, a law professor at the University of Ottawa, made numerous excellent points (Michael’s website). Some of his comments are included here (any errors or misrepresentations are my own).

Enhanced by Zemanta

Consumer Segmentation Gone Wrong

Don’t get me wrong. I know why they do it. Company’s want to make sure that when someone visits their website, the site is as relevant as possible. They want to ensure that what you see on their website is what you’ll see in the store. But, things have gone just a bit too far for me. For instance, Home Depot won’t even let me look at their website unless I tell them my zip code. Are they not aware that zip codes are PII (personally identifiable information)? They don’t even give you an option to see a generic site. Your only option is to lie, something I’m completely against given I am an expert in survey data quality. So basically, when I shop around, I don’t end up buying at Home Depot.
HDsegment

Here’s another example. Cheerios won’t let me look at their site unless I tell them my age and how old my children are. Sure, I could just choose one of the four sites that I think would be most interesting, but dang it, I just want to see their website. Where’s the generic site for people who want to maintain some sense of privacy, the site where people know their demos aren’t being tracked? Nowhere that I see.
cheersegment
Segmentation is a great tool. It lets you understand people better and provide better services. But please, don’t segment me out of your store. Unless you don’t want my money.

Related Articles

 

  • Venn Diagram of Deep Fried, On a Stick, Sweets I Ate
  • A Pie Chart of my Favourite bars…
  • PRAM: Multiple Coder Reliability Calculator
  • 1 topic, 5 blogs: Rich Media in Surveys
  • 3 Reasons Why Researchers Hate Focus Groups #MRX
  • 1 Topic 5 Blogs: DIY surveys suck or save the day
  • %d bloggers like this: