5 bs facts about data privacy everyone thinks are true
DESCRIPTION
Presentation by Tamara DullTRANSCRIPT
#SocialShakeUp@tamaradull
5 BS FactsAbout Data Privacy
Everyone ThinksAre True
Tamara Dull
Director of Emerging Technologies
SAS Best PracticesTuesday September 16, 201411:45am, Industry 3
#SocialShakeUp@tamaradull
I call bullshit.
Fact #1. “I’ve got nothing to hide.”
Fact #2. Privacy policies apply to data, not users.
Fact #3. A single privacy policy will suffice for all your data.
Fact #4. Anonymized data keeps my personal identity private.
Fact #5. Privacy is dead.
#SocialShakeUp@tamaradull
We each have a role to play in data privacy.
1. Go to BDP bootcamp.
2. See BDP issues in action.
3. Leave with a 5-step BDP action plan.
#SocialShakeUp@tamaradull
BDP BootcampBegins NowThe basics of big data privacy in 15 minutes.
#SocialShakeUp@tamaradull
The BDP debate isn’t about behavioral advertising.
#SocialShakeUp@tamaradull
The BDP debate is about…
transparency
internet age
trustethics
security
right to privacy
no borders
global differences
safety
context
#SocialShakeUp@tamaradull
There are four primary ways to look at BDP.
#SocialShakeUp@tamaradull
#1. The consumer.
i.like.free.
#SocialShakeUp@tamaradull
#2. The private sector.
we.like.
money.
#SocialShakeUp@tamaradull
#3. The constituent.
orwellian.
utopian.
#SocialShakeUp@tamaradull
#4. The public sector.
liberty.vs.dignity.
#SocialShakeUp@tamaradull
Trust is the glue that will keep the data ecosystem together.
#SocialShakeUp@tamaradull
The BDP bootcamp basics.
The BDP debate isn’t about behavioral advertising.
There are four primary ways to look at BDP: The consumer. The private sector. The constituent. The public sector.
Trust is the glue that will keep the data ecosystem together.
#SocialShakeUp@tamaradull
Big Data Privacyin ActionCutting through the bullshit.
#SocialShakeUp@tamaradull
Let’s take a look under the hood. First up: the users.
categorize your users—by audience.establish policies for users and user groups.u
se rap
ppla
tfor
mdat
a
standard report users (aka common report library)
HR and office of the chief privacy officer
executives and board of directors
statisticians/data scientists
power users (certified)
line of business executives—shared
line of business executives—independent
power users (uncertified)
remote partners/suppliers
ad hoc query users
#SocialShakeUp@tamaradull
Next up: the data.
categorize your data—by type
use r
ap
ppla
tfor
mdat
a
cross-functional process-
specificreporting
department-specific
referencemetadata
master controlledhistorical
transactional
openanalytical
#SocialShakeUp@tamaradull
Still up: the data.
and by security level…establish policies for data categories.
use r
ap
ppla
tfor
mdat
a
public - unrestricted
internal use - restricted
high risk - confidential
3-level security model
corporate
external - sanctioned
external - sensitive
available
sanctioned
sensitive
restricted
confidential
8-level security model
#SocialShakeUp@tamaradull
And finally: the apps and platforms.
where the data lives.establish policies on who can access what.
the user’s primary interface to the data.establish policies on who can access what.
use r
ap
ppla
tfor
mdat
a
#SocialShakeUp@tamaradull
use r
ap
ppla
tfor
mdat
aNow let’s put it all together.
#SocialShakeUp@tamaradull
Remember these “facts”?
Fact #2. Privacy policies apply to data, not users.
Fact #3. A single privacy policy will suffice for all your data.
Fact #4. Anonymized data keeps my personal identity private.
#SocialShakeUp@tamaradull
Privacy policies apply to data, not users.
use r
ap
ppla
tfor
mdat
a
, apps and platforms.
#SocialShakeUp@tamaradull
A single privacy policy will suffice for all your data.
use r
ap
ppla
tfor
mdat
a
A website example:
Policy. What user information is being collected.
Choice. What options user has about how/whether her data is collected and used.
Access. How user can see what data has been collected and change/correct it, if necessary.
Security. How collected data is stored and protected.
Redress. What user can do if policy is not met.
Updates. How policy changes will be communicated. Reference: BBB Code of Business Practices
#SocialShakeUp@tamaradull
A single privacy policy will suffice for all your data.
use r
ap
ppla
tfor
mdat
awon’t
#SocialShakeUp@tamaradull
Anonymized data keeps my personal identity private.
use r
ap
ppla
tfor
mdat
a
remove PII (personally identifiable
information) from a single dataset
#SocialShakeUp@tamaradull
Anonymized data keeps my personal identity private.
use r
ap
ppla
tfor
mdat
a
remove PII from multiple datasets
#SocialShakeUp@tamaradull
Anonymized data keeps my personal identity private.
use r
ap
ppla
tfor
mdat
a
doesn’t keep
re-identify individuals
#SocialShakeUp@tamaradull
A 5-Step BDPAction PlanWhat you can do about big data privacy after the conference.
#SocialShakeUp@tamaradull
Step #1. Take digital control.
#SocialShakeUp@tamaradull
Step #2. Give customers easy access and rights to their data.
#SocialShakeUp@tamaradull
Step #3. Become a privacy advocate.
#SocialShakeUp@tamaradull
Step #4. Take a lead role in the global privacy theater.
#SocialShakeUp@tamaradull
Step #5. Stop the bullshit.
BS Fact #1. “I’ve got nothing to hide.”
BS Fact #2. Privacy policies apply to data, not users.
BS Fact #3. A single privacy policy will suffice for all your data.
BS Fact #4. Anonymized data keeps my personal identity private.
BS Fact #5. Privacy is dead.
#SocialShakeUp@tamaradull
Fact #1We’ve all got something to hide. It just
depends from whom.
Step #5. Stop the bullshit.
BS Fact #1
“I’ve got nothing to hide.”
#SocialShakeUp@tamaradull
Fact #2Privacy policies apply to both data and
users.
Step #5. Stop the bullshit.
BS Fact #2Privacy policies apply to data, not users.
#SocialShakeUp@tamaradull
Fact #3
You need multiple privacy policies for your data categories.
Step #5. Stop the bullshit.
BS Fact #3
A single privacy policy will suffice for all your data.
#SocialShakeUp@tamaradull
Fact #4Individuals can be re-identified from
anonymized data.
Step #5. Stop the bullshit.
BS Fact #4Anonymized data keeps my personal
identity private.
#SocialShakeUp@tamaradull
Fact #5Privacy is not dead. Yet.
Step #5. Stop the bullshit.
BS Fact #5
Privacy is dead.
#SocialShakeUp@tamaradull
Step #5. Stop the bullshit.
Fact #1. We’ve all got something to hide. It just depends from whom.Fact #2. Privacy policies apply to both data and users.Fact #3. You need multiple privacy policies for your data categories.Fact #4. Individuals can be re-identified from anonymized data.Fact #5. Privacy is not dead. Yet.
#SocialShakeUp@tamaradull
Your 5-step BDP action plan.
Step #1. Consumers, take digital control.
Step #2. Private sector, give customers easy access and rights to their data.
Step #3. Constituents, become privacy advocates.
Step #4. Public sector, take a lead role in the global privacy theater.
Step #5. You, stop the bullshit.
#SocialShakeUp@tamaradull
We each have a role to play in data privacy.What’s yours?
#SocialShakeUp@tamaradull
It’s a big data world out there. Now let’s be safe.
Tamara DullDirector of Emerging TechnologiesSAS Best Practices
#startshamelessplug
Visit my big data blog series on SmartData Collective:
www.smartdatacollective.com
#endshamelessplug
#SocialShakeUpTuesday September 16th 11:45am, Industry 3
Before you leave this presentation, please go to the following URL on your smartphone:
bit.ly/SSUevalWe’d love your feedback, so please let us know your thoughts
about the session.
This session title is:5 BS Facts About Data Privacy Everyone Thinks Are
True
Session Evaluation Survey