Organizational Privacy Score and Big Data Privacy Guidelines, July 17 2014 - Rajesh Jayaprakash

Presentation to the IPQC audience in Las Vegas. The overall objective is to better protect consumer privacy and to find innovative win-win solutions for consumers and organizations.
Two topics are discussed:
1) Best practices for preserving privacy and security on big data platforms.
2) An explanation of the Organizational Privacy Score (OPS) and how it can turn a good privacy policy into a competitive advantage for the organization.



Slide 1 – ‘Privacy Score’: Quantifying privacy and turning it into a competitive advantage, & Privacy Best Practices for Big Data Platforms. Rajesh Jayaprakash, Senior Enterprise Architect, Master Data Management & Data Privacy. July 17th 2014, Big Data Monetization Summit, Las Vegas, USA.

Slide 2 – TELUS: one of the big three Telcos in Canada, with 11.3 billion of annual revenues and 13.3 million customer connections (wireless subscribers, wireline network access lines, internet subscribers, TV customers). Major business units:
• TBS: TELUS Business Solutions
• TCS: TELUS Consumer Services
• TPS: TELUS Partner Solutions
Slide 3 – Privacy Score – Privacy as a competitive Advantage. Differing Views on Consumer Privacy & Consents: the organization’s views versus the consumer’s views.
• Let’s trade! Give away a coupon to get consents…
• People don’t care about privacy…
• You can’t expect privacy in the online world…
• Let us make it our competitive advantage.
• It is part of the respect I expect from the organization.
• Let us make it part of our ‘Customer Experience’.. How do we measure it?
• By law of this country .. We don’t have to…
• Privacy keeps people isolated in their islands. [The word ‘Privacy’ is derived from the Latin privatus, meaning ‘withdrawn from public life’.]
• Customers have already agreed to it in the terms and conditions…
• We need the same protection online that we have offline.
• In that country we have to care.. But in this country we don’t have to.. But then, how do we?
• Privacy? It is a thing of the past.
• It’s a human right.
• Let’s trade… Where is my share?
• I have nothing to hide.
• FEAR & Transparency?
Slide 4 – Privacy: Importance of asking the right questions
1. Ques: Is your privacy important for YOU in the online world? Your answer: Ah.. Somewhat – maybe. I do not know, I don’t care…
2. Ques: Great.. So you don’t mind if we keep track of your travel, via your car’s GPS and transit tickets and phone location? Only our employees would have access. And maybe push some ads to your phone? (Oh, by the way, some of our employees may be your neighbours.) Your answer: Oh… Really? Maybe I care somewhat?
3. Ques: So, you really care if your mother-in-law and neighbours were buying and tracking your sexual activity data that your accelerometer vendor was selling? Your answer: That sounds creepy.. But oh well…
4. Ques: What about the same data of your kids? Your answer: ? !
Slide 5 – Privacy: Getting the right perspective. People do care about their privacy, but to varying extents. To know truly how much, we need to ask questions in context – not generically. When incidents occur, people come to know the context and REACT, leading to conflict with the organization.

Slide 6 – The Organizational Privacy Score (OPS) measures consumer consent and control and proves it to customers, to make it a competitive advantage for your organization. So what is your organization’s view? Let each consumer decide! A solution at a holistic level is to TRULY adopt the policy of “Consumer Choice and Control” over their own privacy choices, preferences and consents, and to go above and beyond the requirements of privacy laws.
Slide 7 – Key Assumptions
Privacy
• The privacy promises the organization is making (or not making) to the customer.
• Represents the intention of the organization with respect to the level of commitment.
• It is about the policy of the organization and is shaped by the executive team, mostly based on some form of organizational values.
Security
• The capability of the organization in meeting the above commitments.
• It is a technical capability.
• A security policy is usually drafted, but it is still a technical policy – on how to achieve the security objectives.

Slide 8 – Key Assumptions
Anonymisation
• The process of converting Personally Identifiable Information (PII) to non-personally identifiable information, mainly because most privacy laws are around PII. However, from a legal angle, in most cases the originator (the organization claiming ‘anonymization’) has to ‘guarantee’ that the anonymized data is not re-identified by other parties if shared knowingly. This is very hard to do.
Preferences
• The superset of choices that can be made available to the consumer.
• Choices could be lists of values and a wide range of customer selections – not just Yes/No or “I agree”.
Consent
• Usually a miniaturised version of preferences. Mostly looking at privacy from a ‘barely legal’ angle and ensuring compliance: do we have consent from the customer to do this (Y/N)?
Slide 9 – Organizational Privacy Score. Official Disclosure: This is not a TELUS product or recommendation.

Slide 10 – Organizational Privacy Score (OPS) – Why?
• Credit Score: To ensure the trustworthiness of the financial transactions of the lendee, the lender (organization) has a ‘Credit Score’ for the lendee (i.e. the customer).
• Privacy Score: When a person hands over his data, or when it is harvested, the lender (i.e. the consumer) does not get any kind of number on the trustworthiness of the lendee (the organization). All the customer usually gets is very long terms and conditions and a single “I agree” button.
• Data is the new oil: In terms of the value of the item changing hands (i.e. the personal data of the consumer), our times are comparable to the earliest days of the credit score.
Slide 11 – Organizational Privacy Score – Why?
• Multiple new technologies acting as a disruptive force:
  • There is a multitude of new technologies CONVERGING and coming to market which are game changers, capable of tracking every move and everything about people to the most minute details. This can then be combined with many types of profiles. This helps organizations understand people a lot better than they understand themselves.
  • Big Data + Cloud + Location Based Services (GPS & smart phones) + Wearable devices + Social Media + Smart Meters & Smart homes + Google Search + Google Now + Marketing lists + Relationship identifying algorithms + Extremely accurate predictive algorithms + …
• The ‘creepiness’ gets to the customer.
  • Sooner or later there will be incidents where the customer is going to realise the creepiness.
  • It is not about the technology or even the intent behind the creepiness, but the immaturity in the communication, governance and adoption of these technologies, or the lack of focus on that.

Slide 12 – Imagine your company’s next ad on TV with these messages. Turning the privacy score into a competitive advantage..
• Our privacy score is X.X out of 10. It is certified by independent third parties.
• We do not sell your data.
• We tell you where we store your data.
• We tell you whom we share your data with. And let you control it.
• We proactively share all your data with you, via our website. I.e. even if you didn’t request it.
• Our competitors don’t even have a score.
IN THIS NEW TECHNOLOGY WORLD, WE ARE ON YOUR SIDE!! AND THIS IS THE PROOF!!
Slide 13 – Organizational Privacy Score – What is it? A method to quantify and advertise a large organization’s “intention” in the treatment of consumer data and choices.
• Measures the enablement of consumer choices in privacy.
• Global approach. Not tied to any country’s legalities.
• Very detailed and specific set of questions.
• Averages out the various sub-parts of the organization for the final score.
• Survey-based approach.
• One single score for the entire organization. Similar to a credit score.
• Publishes the entire survey responses to ensure transparency and auditing.
• NOT a ‘security’ score, i.e. security is not included; capability and practice of privacy are not included as of now, but are in the works.
• Independent third-party organizations as “Certifiers”.
Has three individual scores that roll up to the final score:
1. Basic privacy score – Checks that the organization has the basic framework for privacy checking.
2. Data Privacy score – Checks that the organization shares ALL the data it has with the consumer – not just personally identifiable information.
3. Specialised Privacy Score – A set of privacy scores in specialised areas of privacy importance in the line of business, like Big Data, Cloud, CCTVs, Location Based Services, Employee privacy etc.
Slide 14 – Organizational Privacy Score – Who, When & Where?
• Whitepaper: organizations-whitepaper-rajesh-jayaprakash
• tmforum – Global association of telcos.
  • tmforum catalyst product, Jun 2014: Service privacy score – a scaled-down version of the privacy score. Focuses on one particular product at a time, rather than the entire organization. Good for smaller vendor/software vendor companies with a minimal number of products. Participation from: TELUS, TAO, and a few other telcos and vendors.
  • tmforum catalyst product, Dec 2014 (planned): Organizational Privacy Score – in the works. Participation from: You?

Slide 15 – OPS – What is missing from it (for now)?
Total Organizational Privacy Score = Intention of the Organization (OPS – WE HAVE IT) × Capability of the Organization (Security Capability – TBD) × Practice of the Organization (Governance Practices – TBD)
Slide 16 – Organizational Privacy Score – How?

Slide 17 – Organizational Privacy Score – How – Basic Score

Slide 18 – Organizational Privacy Score – How?

Slide 19 – Organizational Privacy Score – How?
Slide 20 – Organizational Privacy Score – Data Privacy Score. Sample of questions – from one of the categories.

Slide 21 – Organizational Privacy Score – Specialized domains: Big Data, Location Based Services, Cloud, CCTV, Wearable devices, Employees, New..

Slide 22 – Organizational Privacy Score – White Paper
• organizations-whitepaper-rajesh-jayaprakash

Slide 23 – Best Practices in Big Data Privacy. Official Disclosure: These are not official TELUS Big Data standards or guidelines. We are only sharing some industry practices.
Slide 24 – Classify projects as POCs vs Regular
1. POC (Hypothesis) vs Project?
Proof of Concept (POC), aka Hypothesis:
• Use cases are not stable or well defined.
• The main objective is to study and understand feasibility.
• Use synthetic data (completely randomly created data).
• No resultant customer contact or operational process impacts.
• Data for the POC should be destroyed at the end of the POC.
• Fast-tracked privacy and security processes.
• 3-4 months duration max.
• NOT the same as a ‘Pilot’.
• No Government customer impacts.
Regular Projects:
• All use cases well documented.
• Use a mix of real data, de-identified data and out-of-platform cross-referenced data.
• A full PIA (Privacy Impact Assessment) to be done (certified IAPP professionals to approve the same).
Slide 25 – Tamper Resistant Logs
2. Every user and system access and activity log should be maintained in a tamper-resistant manner for the current day + 365 days. The log should be kept off-board.
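One way to make an access log tamper-evident in the sense slide 25 asks for, as an added example that is not from the presentation or from TELUS: each entry's digest chains to the previous one, and the latest digest is copied to an off-board anchor store, so that both edits to entries and truncation of the on-platform copy are detectable. The function names, the anchor-store idea and the sample events are assumptions.

```python
# Added example (not from the presentation): a hash-chained access log whose
# latest digest is exported off-board, so edits, deletions and truncation of the
# on-platform copy can be detected. Names and sample records are constructed.
import hashlib
import json

GENESIS = "0" * 64  # chain start for an empty log


def entry_hash(prev_hash, record):
    """Digest binding this record to everything logged before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(log, record):
    """Append one event; the returned hash is what goes to the off-board anchor store."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log, anchor):
    """Return (ok, first_bad_index). `anchor` is the last hash held off-board."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["hash"] != entry_hash(prev, entry["record"]):
            return False, i            # an entry was altered or re-ordered
        prev = entry["hash"]
    # chain is internally consistent; the anchor catches truncation/replacement
    return prev == anchor, (None if prev == anchor else len(log))


# Constructed sample access events (not real TELUS data)
EVENTS = [
    {"ts": "2014-07-17T09:00:01Z", "user": "analyst1", "action": "query", "dataset": "cdr_2014q2"},
    {"ts": "2014-07-17T09:05:42Z", "user": "svc_etl", "action": "load", "dataset": "billing_daily"},
    {"ts": "2014-07-17T11:17:09Z", "user": "analyst2", "action": "export", "dataset": "cdr_2014q2"},
]


def build_log(events):
    log, anchor = [], GENESIS
    for event in events:
        anchor = append(log, event)
    return log, anchor


def demo():
    """Returns verify() results for an intact, an edited and a truncated log."""
    log, anchor = build_log(EVENTS)
    intact = verify(log, anchor)
    edited = [dict(e, record=dict(e["record"])) for e in log]   # deep-ish copy
    edited[2]["record"]["user"] = "analyst1"                     # rewrite who exported
    return intact, verify(edited, anchor), verify(log[:-1], anchor)
```

Only the anchor value has to live off-board; the chain itself can stay on the platform because any change to it breaks the link to that anchor.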
Slide 26 – Access Termination Criteria
3. All access to the data/information given should have specific termination/end criteria and renewal guidelines.
• Indefinite access should not be allowed. E.g. employees – upon termination or after two years of inactivity.
• Third-party employees/vendor resources should have similar specific termination criteria.

Slide 27 – Need-to-Know Basis
4. All access to Big Data platform data (raw data, source data, analytic output) should be on a need-to-know basis and documented.

Slide 28 – Retention Schedules
5. Determine and comply with the retention schedules of the source system data and ensure data in the big data platform is in compliance.
• Different sources might have different retention timelines due to legal or other business reasons. Rather than trying to unify, or otherwise identify a single retention period for all data in the big data platform, consider it an amalgamation of different domains of data, each domain with its own specific and often unique retention schedule.
• This might result in some more complexity in use cases. However, it provides the maximum duration for analysis and forecasting, while ensuring compliance.

Slide 29 – Synchronization
6. Every data record that is replicated from other sources should be synchronised with changes in the source system. In most cases operational decisions are made based on inferences from the big data platform, so this sync should be real-time and algorithms need to be re-run for false-positive corrections.
Slide 30 – Key Sensitive Data Elements
7.1 Very sensitive personal information. This type should NOT be stored in big data systems. Rather, keep it on totally different platforms and invoke it on an as-and-when-needed basis.
  o Credit card numbers
  o Passwords for consumers
7.2 Hashed personal identifiers (or encrypted in equivalent ways). Hashed values can be stored in big data, but the original data and the hash keys/logic should not be in the big data platform.
  o SIN/SSN numbers
  o Driving licence info
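An added example (not from the presentation or from TELUS) of the hashed-identifier pattern in 7.2: SIN numbers are replaced by HMAC tokens computed with a key that stays with the operational system, so the platform can still join records on the token while only the key holder can cross-reference a token back to a customer. A plain unkeyed hash is not enough here because a nine-digit SIN can be enumerated; the key, the class and function names and the sample values are constructed assumptions.

```python
# Added example (not from the presentation): keyed pseudonymization of
# SIN / driver-licence numbers. The HMAC key lives with the operational
# system; the big data platform only ever sees the token. All values constructed.
import hashlib
import hmac
import re


def normalize(identifier):
    """Canonicalise so '046-454-286' and '046 454 286' map to one token."""
    return re.sub(r"[^0-9A-Z]", "", identifier.upper())


def pseudonymize(identifier, key):
    """One-way keyed token; without `key` a token cannot be tied to the number,
    and the small SIN space cannot simply be enumerated against it."""
    return hmac.new(key, normalize(identifier).encode(), hashlib.sha256).hexdigest()


class OperationalSystem:
    """Holds the key and the customer records; the key never leaves this side."""

    def __init__(self, key, customers):
        self._key = key
        self._by_token = {pseudonymize(sin, key): cust for sin, cust in customers.items()}

    def token_for(self, identifier):
        return pseudonymize(identifier, self._key)

    def resolve(self, token):
        """Cross-reference for the 'final subset' only; None if unknown."""
        return self._by_token.get(token)


def platform_rows(ops, source_rows):
    """What is loaded into the big data platform: the SIN replaced by its token."""
    return [dict(r, sin=None, sin_token=ops.token_for(r["sin"])) for r in source_rows]


# Constructed sample data (the SIN values are illustrative, not real people)
KEY = b"constructed-demo-key-held-in-ops-kms"
CUSTOMERS = {"046-454-286": "cust-1001", "123-456-782": "cust-1002"}
SOURCE_ROWS = [
    {"sin": "046 454 286", "plan": "gold"},
    {"sin": "123-456-782", "plan": "basic"},
    {"sin": "046-454-286", "plan": "gold"},
]


def demo():
    """Returns (tokens link the same person, no raw SIN on platform,
    who the ops side resolves the first token to, a different key gives a different token)."""
    ops = OperationalSystem(KEY, CUSTOMERS)
    rows = platform_rows(ops, SOURCE_ROWS)
    linkable = rows[0]["sin_token"] == rows[2]["sin_token"]
    no_raw = all(r["sin"] is None for r in rows)
    owner = ops.resolve(rows[0]["sin_token"])
    other_key_token = pseudonymize("046-454-286", b"a-different-key")
    return linkable, no_raw, owner, other_key_token != rows[0]["sin_token"]
```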
Slide 31 – Big Data Privacy Guidelines (Contextual decision)
1. Personal Contact Information: This should not be stored in big data, but should be cross-referenceable with operational systems for the “final subset” of target customers. This way you are not risking the entire customer base but only a small subset, even if a breach happens.
• Personal contact info data elements: names, email, social media IDs (Facebook, Twitter, LinkedIn), physical address (except postal code), phone numbers (except area code).
2. Special considerations when using large enterprise customers’ data.
• You may have very specific contracts with them, with specific privacy and security agreements.
• How do you ensure you are not doing a CDR analysis of the top brass of the military or of senators in big data?

Slide 32 – Big Data Privacy Guidelines (Contextual decision)
3. Algorithms should be tweaked to favour false negatives as opposed to false positives.
4. Data quality is addressed in the source systems, wherever that is – not downstream.
5. Data in the big data platform (input or output – any stored data) should be customer-sharing friendly.
6. Information in the Big Data platform should not be downloadable to individuals’ equipment (laptops etc.).
Slide 33 – Acknowledgements and References
Acknowledgements: Alex Loffler of the TELUS Security team and Shelly Scott of the TELUS Privacy Office, for help and participation in the Big Data Best Practices.
References: Ann Cavoukian & Jeff Jonas, “Privacy By Design” whitepaper on Big Data Privacy.

Slide 34 – Rajesh Jayaprakash. Questions? Please Email

Slide 35 – Thank You! Rajesh Jayaprakash
Slide 36 – Single View of Customer – Data for every context. Single View of Customer is not the same giant customer information page for everyone. It is a logical source of all information about the customer. Each team will ask for a significantly different piece of information about the same customer. When that is supplied, that team would ask for another set.. and the cycle will continue. Audiences: Fulfillment, Sales Reps, Marketing, Credit Teams, Big Data & Analytics, IVR/Authorization, Portals, Call centers.

Slide 37 – Data Classification. Data in any organization is broadly classified into three: Master Data, Transactional Data and Analytical Data.
Master Data
• Represents relatively static data: customers, products etc.
• Includes customer names, demographics, relationships with other customers, account relationships, privacy, preferences etc. This type of data is relatively static, low in volume, and widely used in the organization.
Transactional Data
• Represents the business activity at a point in time. Data of the day-to-day activities of the company.
• Examples: account balance, bills, payments, orders, trouble tickets. This data is created very frequently, is higher in volume, and is relevant to pockets of the organization.
Analytical Data
• Represents the information derived from the above two.
• Examples: trends, forecasts, sales history, buying patterns, profitability, segmentation, propensity to buy, lifetime value, risk exposure. This is all ‘generated’ data and very specific to pockets of the organization. Volumes are very high.
Slide 38 – What is Single View of Customer? What it is NOT, and why:
• Another database into which we need to bring all data of all customers – an impractical approach.
• A huge list of predefined data elements about the customer – the list is too big and too dynamic with the advent of new technologies like social media, location based services etc.
• A problem that any single vendor product can solve by itself – the breadth of data spans many systems.
• Another ‘matching’ engine – putting the emphasis on matching is a reactive solution.

Slide 39 – What is Single View of Customer? An attainable, capability-based definition: a collection of four capabilities.
• Best “Available” Data: the capability to access the ‘best quality’ information available in the organization. This includes information internal to the organization and external data (social media etc.).
• For every Context & Audience: the capability to get all the information about the customer, for the given user/application, in any specific context.
• Single Record: the capability to pinpoint a single record instance for a customer, without duplication issues exposed to the end users/applications.
• Define & Align on “Customer”: the capability of having a common definition of ‘customer’ that is accepted throughout the organization.

Slide 40 – What is Single View of Customer?