120 likes | 258 Views
CONNECTED HOME TRACK - HOW WILL ORGANIZATIONS MEET CONSUMER DEMANDS FOR PRIVACY AND TRUST?. CABA Forum: Privacy and Trust Wednesday, April 2, 2014 Washington DC. Session Overview.
E N D
CONNECTED HOME TRACK - HOW WILL ORGANIZATIONS MEET CONSUMER DEMANDS FOR PRIVACY AND TRUST? CABA Forum: Privacy and Trust Wednesday, April 2, 2014 Washington DC
Session Overview Learn from industry leaders what action organizations should take when it comes to consumer privacy and trust. Organizations that understand the real and perceived consumer concerns over cybersecurity will be better positioned to develop the right products and services. Hear about strategies to deal with negative media and publicity. Most importantly attendees will learn about developing the right messaging and marketing to increase consumer trust and sales.
Panel Moderator: Michelle Chibba, Director, Policy and Special Projects, Office of the Information and Privacy Commissioner of Ontario Canada (IPC) – Panelists: Sumanth Channabasappa, Director of Innovation, Network Technologies Team, CableLabs Jonathan Cluts, Director of the Consumer Prototyping and Strategy Team, Microsoft Christopher Martin, Senior Manager, Bosch Charles McParland, Computer Scientist, Lawrence Berkeley National Lab
Privacy 101 • Information privacy refers to the right or ability of individuals to exercise control over the collection, use and disclosure by others of their personal information • Personally-identifiable information (“PII”) can be biographical, biological, genealogical, historical, transactional, locational, relational, computational, vocational or reputational, and is the stuff that makes up our modern identity • Privacy is contextual • Where there is no reasonable possibility of identifying a specific individual, either directly, indirectly, through manipulation or linkage of information, there is no privacy issue.
Data Assets = Data Risks and LiabilitiesThreats to Privacy. misuse of data. function creep. unauthorized data linkage. false positives. inaccurate data. unauthorized disclosure
Privacy in an Interconnected Home The Supreme Court has repeatedly held that people have heightened privacy interests in what happens within their home—even over information that is technologically observable by others. We have “Peeping Tom” laws for the same reason—just because someone has a means to watch what you’re doing in the home doesn’t mean they should. Smart devices have the potential to do amazing things for consumers—smart, automated cars cannot get here fast enough—but it’s paternalistic to assert that those smart devices must be allowed to secretly surveil consumers without understanding them or contrary to their wishes. Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology (CDT) (in IAPP Newsletter, November 2013.)
Smart TVs The key problem was "incompetence“ -- "Somebody thought it was a good idea to build these TVs with all these features and nobody ever said 'maybe we need some security people on the design team to make sure we don’t have a problem', much less 'maybe all this data flowing from the TV to us constitutes a massive violation of our customers’ privacy that will land us in legal hot water'. The deep issue here is that it’s relatively easy to build something that works, but it’s significantly harder to build something that’s secure and respects privacy.“ Dan Wallach, Princeton University Centre for Information Technology Policy (The Guardian, November 2013)
Personal information must be managed responsibly. When it is not, accountability is undermined and confidence/trust in the enterprise is eroded. • 43% do not trust companies with their personal information • 89% avoid doing business with companies where they have privacy concerns • 94% of U.S. consumers want control over who can collect their personal information and who can track them online Source: 2013 U.S. Consumer Privacy Confidence Privacy Report, Truste
The Golden RulesFair Information Practices • Why are you asking? - Collection, purpose specification • How will the information be used? - Primary purpose, use limitation • Any additional secondary uses? - Notice and consent, prohibition against unauthorized disclosure • Who will be able to see my information? - Restricted access from unauthorized third parties FTC Privacy Framework: 3 Pillars • Privacy by Design • Simplified Consumer Choice • Transparency
Resources • Guidelines for Security Considerations that applies in general to architecture http://www.ietf.org/rfc/rfc3552.txt • Privacy Considerations for Internet Protocols http://tools.ietf.org/html/rfc6973 • CableLabsSMA Specification, now archived, as an example http://cablelabs.com/specification/packetcable-security-monitoring-and-automation-signaling-specification/ • FTC. Protecting Consumer Privacy in an Era of Rapid Change (http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf ) • PbDprinciples (7 Foundational Principles of Privacy by Design ) • PbD: Achieving the Gold Standard in Data Protection for the Smart Grid (http://www.ipc.on.ca/images/Resources/achieve-goldstnd.pdf) • Security by Design: An Enterprise Architecture Approach (http://www.ipc.on.ca/images/Resources/pbd-privacy-and-security-by-design-oracle.pdf)
Resources (cont’d) • Building Privacy into Mobile location analytics (MLA) Through Privacy by Design (http://www.ipc.on.ca/images/Resources/pbd-mla.pdf) • Sensors and In-home Collectionof Health Data http://www.ipc.on.ca/images/Resources/pbd-sensor-in-home.pdf • Wi-Fi Positioning Systems: Beware of Unintended Consequences (http://www.ipc.on.ca/images/Resources/wi-fi.pdf) • Mobile Near Field Communications (NFC) “Tap ‘n Go Keep it Secure and Private (http://www.ipc.on.ca/English/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1136) • Wireless communications fact sheet (http://www.ipc.on.ca/English/Resources/Educational-Material/Educational-Material-Summary/?id=645)