5 BS Facts About Data Privacy Everyone Thinks Are True
1. 5 BS Facts
About Data Privacy
Everyone Thinks
Are True
@tamaradull #SocialShakeUp
Tamara Dull
Director of Emerging Technologies
SAS Best Practices
Tuesday September 16, 2014
11:45am, Industry 3
2. @tamaradull #SocialShakeUp
I call bullshit.
Fact #1. “I’ve got nothing to hide.”
Fact #2. Privacy policies apply to data, not
users.
Fact #3. A single privacy policy will suffice for all
your data.
Fact #4. Anonymized data keeps my personal
identity private.
Fact #5. Privacy is dead.
3. We each have a role to play in
data privacy.
@tamaradull #SocialShakeUp
1. Go to BDP bootcamp.
2. See BDP issues in action.
3. Leave with a 5-step BDP action plan.
4. BDP Bootcamp
Begins Now
The basics of big data privacy in 15 minutes.
@tamaradull #SocialShakeUp
5. The BDP debate isn’t about
behavioral advertising.
@tamaradull #SocialShakeUp
6. The BDP debate is about…
@tamaradull #SocialShakeUp
right to privacy
internet age
security
safety
trust
ethics
context
no borders
transparency
global differences
7. There are four primary ways to
look at BDP.
@tamaradull #SocialShakeUp
11. #4. The public sector.
liberty.
vs.
dignity.
@tamaradull #SocialShakeUp
12. Trust is the glue that will keep
the data ecosystem together.
@tamaradull #SocialShakeUp
13. The BDP bootcamp basics.
The BDP debate isn’t about behavioral
@tamaradull #SocialShakeUp
advertising.
There are four primary ways to look at BDP:
The consumer.
The private sector.
The constituent.
The public sector.
Trust is the glue that will keep the data
ecosystem together.
14. Big Data Privacy
in Action
@tamaradull #SocialShakeUp
Cutting through the bullshit.
15. Let’s take a look under the
hood. First up: the users.
categorize your users—by audience.
establish policies for users and user groups.
ad hoc query users
remote partners/suppliers
power users (uncertified)
line of business executives—independent
line of business executives—shared
power users (certified)
statisticians/data scientists
executives and board of directors
@tamaradull #SocialShakeUp
data platform app user
standard report users (aka common report library)
HR and office of the chief privacy officer
16. master controlled
@tamaradull #SocialShakeUp
Next up: the data.
department-specific
categorize your data—by type
data platform app user
cross-functional
reporting process-specific
reference
metadata
historical
transactional
open
analytical
17. confidential
restricted
sensitive
sanctioned
available
external - sensitive
external - sanctioned
@tamaradull #SocialShakeUp
Still up: the data.
high risk - confidential
internal use - restricted
and by security level…
establish policies for data categories.
data platform app user
public - unrestricted
3-level
security
model
corporate
8-level
security
model
18. And finally: the apps and
platforms.
the user’s primary interface to the data.
establish policies on who can access what.
where the data lives.
establish policies on who can access what.
@tamaradull #SocialShakeUp
data platform app user
20. Remember these “facts”?
Fact #2. Privacy policies apply to data, not
users.
Fact #3. A single privacy policy will suffice for all
your data.
Fact #4. Anonymized data keeps my personal
identity private.
@tamaradull #SocialShakeUp
21. Privacy policies apply to data,
not users.
@tamaradull #SocialShakeUp
data platform app user
, apps and platforms.
22. A single privacy policy will
suffice for all your data.
@tamaradull #SocialShakeUp
data platform app user
A website example:
Policy. What user information is being collected.
Choice. What options user has about how/whether her
data is collected and used.
Access. How user can see what data has been
collected and change/correct it, if necessary.
Security. How collected data is stored and protected.
Redress. What user can do if policy is not met.
Updates. How policy changes will be communicated.
Reference: BBB Code of Business Practices
23. A single privacy policy will
suffice for all your data.
@tamaradull #SocialShakeUp
data platform app user
won’t
24. Anonymized data keeps my
personal identity private.
@tamaradull #SocialShakeUp
data platform app user
remove PII
(personally identifiable information)
from a single dataset
25. Anonymized data keeps my
personal identity private.
@tamaradull #SocialShakeUp
data platform app user
remove PII
from multiple datasets
26. Anonymized data keeps my
personal identity private.
@tamaradull #SocialShakeUp
data platform app user
doesn’t
re-identify individuals keep
27. @tamaradull #SocialShakeUp
A 5-Step BDP
Action Plan
What you can do about big data privacy after the
conference.
28. Step #1. Take digital control.
@tamaradull #SocialShakeUp
29. Step #2. Give customers easy
access and rights to their data.
@tamaradull #SocialShakeUp
30. Step #3. Become a privacy
advocate.
@tamaradull #SocialShakeUp
31. Step #4. Take a lead role in the
global privacy theater.
@tamaradull #SocialShakeUp
32. Step #5. Stop the bullshit.
BS Fact #1. “I’ve got nothing to hide.”
BS Fact #2. Privacy policies apply to data, not
users.
BS Fact #3. A single privacy policy will suffice
for all your data.
BS Fact #4. Anonymized data keeps my
personal identity private.
BS Fact #5. Privacy is dead.
@tamaradull #SocialShakeUp
33. Step #5. Stop the bullshit.
@tamaradull #SocialShakeUp
Fact #1
We’ve all got something to hide. It just depends
from whom.
BS Fact #1
“I’ve got nothing to hide.”
34. Step #5. Stop the bullshit.
@tamaradull #SocialShakeUp
Fact #2
Privacy policies apply to both data and users.
BS Fact #2
Privacy policies apply to data, not users.
35. Step #5. Stop the bullshit.
@tamaradull #SocialShakeUp
Fact #3
You need multiple privacy policies for your data
categories.
BS Fact #3
A single privacy policy will suffice for all your
data.
36. Step #5. Stop the bullshit.
@tamaradull #SocialShakeUp
Fact #4
Individuals can be re-identified from anonymized
data.
BS Fact #4
Anonymized data keeps my personal identity
private.
37. Step #5. Stop the bullshit.
@tamaradull #SocialShakeUp
Fact #5
Privacy is not dead. Yet.
BS Fact #5
Privacy is dead.
38. Step #5. Stop the bullshit.
Fact #1. We’ve all got something to hide. It just
depends from whom.
Fact #2. Privacy policies apply to both data and
users.
Fact #3. You need multiple privacy policies for
your data categories.
Fact #4. Individuals can be re-identified from
anonymized data.
Fact #5. Privacy is not dead. Yet.
@tamaradull #SocialShakeUp
39. Your 5-step BDP action plan.
Step #1. Consumers, take digital control.
Step #2. Private sector, give customers easy
access and rights to their data.
Step #3. Constituents, become privacy
@tamaradull #SocialShakeUp
advocates.
Step #4. Public sector, take a lead role in the
global privacy theater.
Step #5. You, stop the bullshit.
40. We each have a role to play in
data privacy. What’s yours?
@tamaradull #SocialShakeUp
41. It’s a big data world out there.
Now let’s be safe.
@tamaradull #SocialShakeUp
Tamara Dull
Director of Emerging Technologies
SAS Best Practices
tamara.dull@sas.com
#startshamelessplug
Visit my big data blog series on
SmartData Collective:
www.smartdatacollective.com
#endshamelessplug
42. Session Evaluation Survey
Before you leave this presentation, please go to the following
URL on your smartphone:
bit.ly/SSUeval
We’d love your feedback, so please let us know your thoughts
about the session.
This session title is:
5 BS Facts About Data Privacy Everyone Thinks Are True
Tuesday September 16th 11:45am, Industry 3 #SocialShakeUp