Conference and lecture given in February 2012 in Brussels

Transcript

  • 1. Social Media, Web 2.0 The end of Privacy ? Jacques Folon Partner Edge Consulting Lecturer ICHEC Visiting professor Université de Liège & Université de Metz
  • 2. Find the presentation on www.slideshare.net/folon
  • 3. Table of Contents
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 4. Lecturer Partner Author http://be.linkedin.com/in/folon [email_address] www.ichec.be [email_address] www.edge-conulting.biz Director
  • 5. Follow me on Scoop.it for the latest news on data privacy and security http://www.scoop.it/t/management-2-entreprise-2-0
  • 6.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 7.  
  • 8. "By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', it's, 'What do people want to tell about themselves?'" Data privacy is outdated! Mark Zuckerberg, CEO Facebook. "If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place." Eric Schmidt, ex-CEO of Google
  • 9.  
  • 10.  
  • 11.  
  • 12.  
  • 13. So is it still a question?
    • Yep...
    • see on the web, you’ll find sooo many debates
    • and by the way, the data privacy legal framework also applies in the social media environment
  • 14.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 15. What your boss thinks...
  • 16. Good question?
  • 17. Employees share (too) much information, including with third parties
  • 18. Some news
  • 19. Where the data are
  • 20.  
  • 21. Legal issues
    • Employees copy what they find on the internet
    • Inappropriate posts against the company, colleagues, clients, suppliers,...
    • HR: recruitment, harassment, ...
    • Limitation of control by the employer
    • Archiving & e-discovery
    • Codes of conduct
    • ...
  • 22. Source : https://www.britestream.com/difference.html .
  • 23. Everything must be transparent
  • 24.  
  • 25. Legal framework(s)
  • 26.  
  • 27. Some important legal definitions
  • 28. Personal data Any information relating to an identified or identifiable person ('data subject') who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors (physical, physiological, mental, economic, cultural, social).
  • 29. When is it «legal»?
    • Collecting and processing the personal data of individuals is only legitimate in one of the following circumstances:
    • where the individual concerned has unambiguously given his or her consent, after being adequately informed; or
    • if data processing is needed for a contract; or
    • if processing is required by a legal obligation; or
    • if processing is necessary in order to protect the vital interest of the data subject; or
    • if processing is necessary to perform tasks of public interest or tasks carried out by government, tax authorities, the police or other public bodies; or
    • if the data controller or a third party has a legitimate interest in doing so, so long as this interest does not affect the interests of the data subject, or infringe on his or her fundamental rights, in particular the right to privacy. This provision establishes the need to strike a reasonable balance between the data controllers' business interests and the privacy of data subjects.
    Source: http://ec.europa.eu/justice/data-protection/index_en.htm
  • 30. Data subject An identified or identifiable person to whom specific personal data relates. It is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors (physical, physiological, mental, economic, cultural, social).
  • 31. Processing of personal data Processing of personal data means any operation or set of operations which is performed upon personal data, whether or not by automatic means (for example: collection, recording, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, deleting or destruction, etc.). Source: http://ec.europa.eu/justice/data-protection/index_en.htm
  • 32. Controller Natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • 33. The data controller must respect certain rules: Source: http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
    • Personal data must be processed legally and fairly;
    • It must be collected for explicit and legitimate purposes and used accordingly;
    • It must be adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed;
    • It must be accurate, and updated where necessary;
    • Data controllers must ensure that data subjects can rectify, remove or block incorrect data about themselves;
    • Data that identifies individuals (personal data) must not be kept any longer than strictly necessary;
    • Data controllers must protect personal data against accidental or unlawful destruction, loss, alteration and disclosure, particularly when processing involves data transmission over networks. They shall implement the appropriate security measures. These protection measures must ensure a level of protection appropriate to the data.
  • 34.
    • What can you ask of data controllers?
    • Data controllers are required to inform you when they collect personal data about you;
    • You have the right to know the name of the controller, what the processing is going to be used for, to whom your data may be transferred;
    • You have the right to receive this information whether the data was obtained directly or indirectly, unless this information proves impossible or too difficult to obtain, or is legally protected;
    • You are entitled to ask the data controller if he or she is processing personal data about you;
    • You have the right to receive a copy of this data in intelligible form;
    • You have the right to ask for the deletion, blocking or erasing of the data.
    Source: http://ec.europa.eu/justice/data-protection/index_en.htm
  • 35. The law prohibits the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life unless one of the exception criteria is met.
  • 36. exchange of data...
  • 37.  
  • 38. Cookies
  • 39. international transfer
  • 40.
    • Security management
    • Security department
    • Consultant
    • Security procedures
    • Disaster recovery
  • 41.
    • Technical security
    • Risk analysis
    • Back-up
    • Procedures against fire, theft, ...
    • Identity access management
    • Authentication (identity management)
    • Login and password
  • 42.
    • Legal security
    • Employment contracts
    • sub contractors
    • Code of conduct
    • employee’s control
    • Full respect of the legal framework
  • 43. Privacy statement confusion
    • 53% of consumers consider that a privacy statement means that data will never be sold or given away
    • Only 43% have read a privacy statement
    • Only 45% use different email addresses
    • 33% changed passwords regularly
    • 71% decide not to register or purchase due to a request for unneeded information
    • 41% provide fake info
    Source: TRUSTe survey
  • 44.  
  • 45.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 46. How much information?
  • 47.  
  • 48.  
  • 49. Could the employer control everything?
  • 50. Control
    • Privacy vs right to control
    • CC-CAO 81
    • Same rules for public and private sector
  • 51.
    • CONTROL
    • Purpose (4)
    • proportionality
    • procedure
    • information
    • individualization
    • Penalties
  • 52. Are postings on social media private?
    • It is on a public site and as such not private
    • the employer may check what happens on social media with some limitations:
      • ok for linkedin, viadeo, etc.
      • ok for others if there are complaints, for instance of sexual harassment
      • no if it is for discrimination or to find sensitive information
    • need for a code of conduct
  • 53. TELEWORKING
  • 54.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 55. They know where you are ...
  • 56. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 57. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 58.  
  • 59.  
  • 60.  
  • 61.  
  • 62. Making sure you can call. Diagram labels: You; GSM Cell (three cells). Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 63. Tool: Triangulation. Diagram labels: You; Data; Database. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 64. “You are here”. Diagram labels: You; Data; Database. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 65.  
  • 66.  
  • 67.  
  • 68.  
  • 69. Tracking: defining actions. Diagram: timeline for Friday (12:45, 12:47, 12:52, 13:25, 13:30, 13:45, 13:50) with the events Purchase, Purchase, Phone call; data sources: Phone ID, Payment, Face recog. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 70. Tracking: Matching. Diagram labels: GSM Cell data, Payment data, Biometric data; Identity, Action, Location, Time. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 71. Tracking: Data collection. Diagram labels: Friday, 12:45; You; Other people; data sources: Phone ID, Payment, Face recog. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 72. Filtering the data. Diagram labels: Sunday, 12:45, Dam Square (Other people; Maybe you); Monday, 14:15, Abbey road (You); Tuesday, 09:45, Johns Bagels; Matches now + past; data sources: Phone ID, Payment, Face recog. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 73. Result
        • phone ID
        • + biometrical data (camera)
        • + payments + purchased items
        • = You + your whereabouts
    Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 74.  
  • 75.  
  • 76. DATA THEFT
  • 77.
    • Where is data stolen?
    • Banks
    • Hospitals
    • Ministries
    • Police
    • Newspapers
    • Telecoms
    • ...
    • Which devices are stolen?
    • USB
    • Laptops
    • Hard disks
    • Papers
    • Binders
    • Cars
  • 78. What do they know?
  • 79. Building your profile Source: http://www.slideshare.net/peterkaptein/post-privacy-era You
  • 80. Building your profile. Diagram labels: You; Medical data, Financial data, Family, Friends, Preferences, Private stuff, Incriminating stuff, Whereabouts, Photos. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 81. Building your profile. Diagram labels: You; Medical data, Financial data, Family, Friends, Preferences, Private stuff, Incriminating stuff, Expenses, Budgets, Whereabouts, Connections, Photos, Opinions, Travels, Commutes, Sexual, Literature, Consumer, People, Diseases, Current state, Personal data. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 82. How? Diagram labels: GSM Cell data, Phone calls, Payment data, Whereabouts via biometric data, Bonus card data, Medical data, Browsing data, Travel data, Google searches; Profile database. Source: http://www.slideshare.net/peterkaptein/post-privacy-era
  • 83.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 84.  
  • 85. Implications for HR
  • 86. 8.1 before recruiting
  • 87. 8.1.1. roles & responsibilities
  • 88.
    • Contracts
    • Work regulations (règlement de travail / arbeidsreglement)
    • security policy
    • CC/CAO 81
  • 89.
    • «forgotten» contracts
    • consultants
    • subcontractors
    • auditors
    • accountants
    • cleaning
  • 90. Tests, assessments, social media check, CV screening
  • 91.  
  • 92. 8.1.3 Employment conditions
    • Employees’ responsibilities
    • Applicable rules before and after the contract
    • Privacy information
    • Mobiles, laptops, etc.
  • 93. 8.2 During the contract
  • 94. 8.2.1 Management responsibilities
    • Procedures
    • Control
    • Update
    • Security manager
    • Sponsoring
  • 95. 8.2.2 Training and awareness
  • 96. 8.2.3 Disciplinary process
    • Limit for control?
    • Private emails?
    • CC/CAO 81
  • 97. 8.3.1 End of contract
    • internal move
    • confidentiality after the end
    • what is confidential
  • 98.  
  • 99. 8.3.3 Cancel access rights
  • 100.
      • The author
      • Social media & privacy ????
      • What’s data privacy?
      • Control of the employees
      • How are data collected?
      • Security & ISO 27002
      • Conclusion
  • 101. Is this your data security ?
  • 102. Social media are there... +500 M users today, reaching 1 billion by 2012; 85 M users today; 70 M users today; 120 M users today; 74 M users today; 10 M users today
  • 103. Geolocation
  • 104. http://projectvirginia.com/infographic-emerging-media-in-2011/
  • 105. It’s not only the so-called generation Y
  • 106.  
  • 107.  
  • 108. Recruitment and social media
  • 109. Source: http://www.doppelganger.name
  • 110. Your boss thinking of data privacy ?
  • 111. Or ?
  • 112. Remember that security of personal data is a legal requirement...
  • 113. “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin
  • 114.  
  • 115. QUESTIONS ?
  • 116.