Business considerations for privacy and open data: how not to get caught out

545 views

Published on

When all around you seems to be going "open", what should you know and bear in mind to avoid a privacy debacle. Unless your data is solely about inanimate objects, there will be privacy considerations for your business or organisation. Done properly, suitable consideration may be trivial; done badly, it can be catastrophic, and hindsight is always better when the stories are about a different organisation.With kittens and hopefully some humour, Sam Smith of Privacy International covers how your organisation can avoid a future audience laughing (uncomfortably) at the privacy choices you should have made for your users, your customers and citizens.

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
545
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Business considerations for privacy and open data: how not to get caught out

  1. 1. Privacy in an Open Data World Sam Smith ( day job: Privacy International for fun: open data and transparency ) @smithsam sam@privacy.org 1Hi, Im Sam from the InternetBy day, I work for Privacy International, but have a long standing personal interest in open data.Im going to talk about counter examples, and talk about organisations. None of this is specific advice, for that, we need to talk in detail, which is a different talk.Privacy is best described by principle and example. Or in most cases, counterexample. So, a big tech company...
  2. 2. Redact this slide from the published version 2Privacy is best described by principle and example. Or in most cases, counterexample. So, a big tech company...wanted to find out how their researchers interactedfully informed consent, had researchers turn on bluetooth, and logged what other devices could be seennice an effective. A couple of devices from 2 researchers could see each other all night.Not quite the type of interaction that the project was looking for.
  3. 3. what could possibly go wrong? Redact this slide from the published version 3Privacy is best described by principle and example. Or in most cases, counterexample. So, a big tech company...wanted to find out how their researchers interactedfully informed consent, had researchers turn on bluetooth, and logged what other devices could be seennice an effective. A couple of devices from 2 researchers could see each other all night.Not quite the type of interaction that the project was looking for.The point of this talk is the bubble that just raised a smile -- what can go wrong when you think about things that should be private in an open way. And how to not do that.(if anyone is concerned, this is a public example)
  4. 4. https://i.chzbgr.com/maxW500/6526756352/hBF8E39C4/ 4Open data and Privacy are not contradictory. Non-personal open data can be an output from data, but it has to be done carefully.Choices of individuals can be to put their data in the open -- there are projects where someone battling cancer has been open about their medical records. Thats their choice.Its when someone does that to another that privacy comes in.
  5. 5. http://www.cat-talk-101.com/images/indiana-jones-cat-2.jpg 5▼! ❑! Background! •! ❑! hat is privacy? -- in this talk, its data about individuals, citizens, customers, only going the subject wants it to go. w! ▼! ❑! In a privacy context! •! ❑!heres no organisation solely working on data privacy. t▼! ❑! in an emerging data world, you may find issues that no one has discovered before.
  6. 6. http://cdn.memegenerator.net/instances/400x/30138154.jpg 6▼! !n an emerging data world, you may find issues that no one has discovered before. For research, thats relatively rare. ❑i Much more common is a company seeing a revenue source from changing rules.! •! ❑! rinciples, and broad understanding helps. P! •! ❑! re you going to sell out your users, or are you going to protect them? A! ▼! !s your privacy policy written to cover yourselves, or with respect for customers? ❑i! •! ❑! ow you think, operate and work when you have time and are relaxed, will say a lot about how you are likely to operate when neither of those things are true. hIn some ways, youve done the hard bit. Youve given up friday lunch for a privacy talk. its your colleagues Im concerned about
  7. 7. photo Steven Depolo : http://www.flickr.com/photos/stevendepolo/4482491295/in/photostream/ (CC-BY) 7its easy to screw up. Its really hard to fix.A large international funder emailed re their "anonymised" data about murder of journalists.Nice open data project, done the same way its been done for a few years now, and a CSV file of dataOne of the problems we have with words is what they mean, and people reusing them to mean something thats different, or easier. "Open data" is seeing that start to happen.
  8. 8. http://www.flickr.com/photos/nataliedowne/6721324917/ 8so, whos pasted the wrong thing into a search box?One of the organisations that care the most about their users privacy is Wikipedia.The briefly released a research dataset, of things entered into their search box, and no other information...The reason I include this story, and wikipedia care about privacy more than most, is that its obvious in retrospect this is a problem, in advance, notquite so much.At scale, rare events happen often, and are exceptionally difficult to spot in advance. Privacy is hard. its what you do next that mattersThe level of standing and perception you have in the world matters.
  9. 9. 9So whos on O2? We all carry tracking devices with us...To the first approximation, they plan to sell detail of where and when you go. Info they have as a result of being a mobile company.If you were to do a subject access request, they will refuse to give you that data about you.What data stories could be told to encourage people to opt-in to that? give consumers some benefit....Instead, theyre doing it by quietly and not giving customers any choice or ebenfit.
  10. 10. Think about • Explanation • Informed consent • Choice • Benefit 10If marketing think its a good idea, what do the people who will have to answer the phones when it explodes think?▼! ❑! Open Data?! •! ❑! consent! •! ❑! choice! •! ❑! informed consent
  11. 11. http://karl.marxhausen.net/blog/uploaded_images/bull.w.cat.othic1-v-710156.JPG 11Phil and Terris talk about the National Pupil Database a few weeks ago, is an example of what happens when you do none of those things.If you see children as simply rows in a database, not as human beings, it may make your job easier, but it has real world effects.Some of those effects may be catastrophic. Do you trust the bureaucracy in the large organisations you use?
  12. 12. http://modishgirl.hubpages.com/hub/Toiletcat 12▼! ❑! So how do we avoid that?! ▼! ❑! Independent examination! •! ❑Look at things from a different perspective! ▼! ❑! care about individuals! •! ❑! NPD seminar from a couple of weeks agoMost privacy problems come from cockups, not conspiracy.
  13. 13. 13Different perspectives are important.If you dont ask, and dont want to know, the one thing thats true, is that in an open world, secrets have a habit of getting out.Diverse peer review helps and is in fact, for large scale data derived from people, often vital.Many eyes make cockups short. Wikipedia pulled their files very fast.Having that conversation in the open gets you different perspectives than if its hidden away from the street. That takes some care andconsidersation
  14. 14. 14▼! ❑! Take away conversations! •! ❑! Treat the people about whom you hold data as important.! •! ❑! look at the adjacent threats.! •! ❑! get external advice
  15. 15. http://i2.kym-cdn.com/photos/images/newsfeed/000/120/933/horse-with-cat-on-boat-in-storm-5907-1238034615-27.jpg 15Privacy problems come from screwing people over.Generally because you dont think of them as people.That used to work, but the world has moved on, and now, should you screw someone over, the internet turns out to care about random things.
  16. 16. Thanks to Carl Malamud at public.resource.org for the photo. http://www.flickr.com/photos/publicresourceorg/493889675/ SI Neg. 77-8474. Date: 1977...Mastodon, Ice Age Hall, National Museum of Natural History ..Credit: Dane A. Penland (Smithsonian Institution) 16This isnt the old world of requiring paper forms for opt in to things. Digital by Default means that much better can be done. Choices should be two way.▼ ❑ Full informed consent for data based on individuals is now relatively easy. ▼ ❑ people will say yes to things, including benefits to others. • ❑ people get very cranky when its imposed. • ❑ Avoid doing things your users havent chosen to do... • ❑ visualisations • ❑ story-telling • ❑ discussion
  17. 17. http://positivethoughtsonlife.files.wordpress.com/2011/05/kitten-and-lots-of-dogs.jpg 17Privacy protections around data are one of those topics that are generally thought of as too tightUntil suddenly theyre seen as no where near tight enough.Sending CDs via internal mail was a good idea, until suddenly it wasnt.Whether your organisation is used as a counterexample the next time I give this talk, is mostly up to you.Hopefully, nothings about going to bite you shortly.
  18. 18. Questions ? @smithsam sam@privacy.org 18When it does, feel free to get in touch.

×