This document summarizes a presentation on cookies and data privacy regulations. It begins by defining what cookies are and noting the confusion around their technical definitions. It then summarizes the key aspects of the EU ePrivacy Directive regarding consent requirements for storing cookies. There is discussion of varying levels of compliance among industries and challenges in interpreting and applying the regulations. The presentation argues for a shift towards viewing cookies as data assets and focusing on privacy over technology. It suggests that self-regulation combined with sensible enforcement could help drive improved privacy practices.
Bring Your Own Identity (BYOI) is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and or entitlements. This trend is being embraced and extended to use individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better directed marketing and communications. As all new trends, the question must come up 'Does BYOI come with hidden costs or exposures?'.
This deck covers the items you need to consider in order to move forward, including:
1) - Benefits of BYOI and why
2) - Potential downsides of blending organizational and personal identities? I.e: What is the potential privacy impact of using BYOI
3) - Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements?
4) - What can happen if a social identity is compromised? 5) - How can we use them securely?
NetIQ's David Mount examines the rise of Social Media networks as identity brokers / providers. Using NYC.gov as the case study, David shows how it is easier to engage customers and give them personalized service or web experience. At the same time increasing customer satisfaction, participation, and decreasing desertion.
Healthcare businesses must balance the requirement to provide the necessary information practitioners need to deliver quality healthcare, with the pressing need to keep patient data private and secure. As more and more patient information moves online and mobile, healthcare organizations are rethinking the role of identity in ensuring that the right people get the right information when and how they need it.
Geoff Webb, Director of Solution Strategy with NetIQ presented 'Identity, Security and Healthcare' at the Heart of America HIMSS chapter event at Johnson County Community College on January 16th 2014. His presentation looked at the evolving trends of mobility, social identity, cloud, and security in the world of healthcare, and how you can start planning now to meet the needs of your organization today and in the future.
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
A presentation by Commissioner Cavoukian to the Canadian Institute Advertising and Marketing Law Conference on how Privacy by Design can give a sustainable competitive advantage in advertising and marketing.
The Fiduciary Access to Digital Assets Act in Michigan:Now That We Have it, W...gallowayandcollens
Attorney Howard Collens presented the most recent updates on Michigan’s new Fiduciary Access to Digital Assets Act. Now is the perfect time to update your will, trust and power of attorney to incorporate the latest options for dealing with your digital assets.
The Fiduciary Access to Digital Assets Act in Michigan: Now That We Have it, ...gallowayandcollens
Attorney Howard H. Collens presents the most recent updates on the new Fiduciary Access to Digital Assets Act. Learn the many states that have recently enacted the new Act and updates on what the future holds for estate planning and digital assets.
Bring Your Own Identity (BYOI) is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and or entitlements. This trend is being embraced and extended to use individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better directed marketing and communications. As all new trends, the question must come up 'Does BYOI come with hidden costs or exposures?'.
This deck covers the items you need to consider in order to move forward, including:
1) - Benefits of BYOI and why
2) - Potential downsides of blending organizational and personal identities? I.e: What is the potential privacy impact of using BYOI
3) - Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements?
4) - What can happen if a social identity is compromised? 5) - How can we use them securely?
NetIQ's David Mount examines the rise of Social Media networks as identity brokers / providers. Using NYC.gov as the case study, David shows how it is easier to engage customers and give them personalized service or web experience. At the same time increasing customer satisfaction, participation, and decreasing desertion.
Healthcare businesses must balance the requirement to provide the necessary information practitioners need to deliver quality healthcare, with the pressing need to keep patient data private and secure. As more and more patient information moves online and mobile, healthcare organizations are rethinking the role of identity in ensuring that the right people get the right information when and how they need it.
Geoff Webb, Director of Solution Strategy with NetIQ presented 'Identity, Security and Healthcare' at the Heart of America HIMSS chapter event at Johnson County Community College on January 16th 2014. His presentation looked at the evolving trends of mobility, social identity, cloud, and security in the world of healthcare, and how you can start planning now to meet the needs of your organization today and in the future.
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
A presentation by Commissioner Cavoukian to the Canadian Institute Advertising and Marketing Law Conference on how Privacy by Design can give a sustainable competitive advantage in advertising and marketing.
The Fiduciary Access to Digital Assets Act in Michigan:Now That We Have it, W...gallowayandcollens
Attorney Howard Collens presented the most recent updates on Michigan’s new Fiduciary Access to Digital Assets Act. Now is the perfect time to update your will, trust and power of attorney to incorporate the latest options for dealing with your digital assets.
The Fiduciary Access to Digital Assets Act in Michigan: Now That We Have it, ...gallowayandcollens
Attorney Howard H. Collens presents the most recent updates on the new Fiduciary Access to Digital Assets Act. Learn the many states that have recently enacted the new Act and updates on what the future holds for estate planning and digital assets.
The Fiduciary Access to Digital Assets Act in Michigan: Now That We Have it, ...gallowayandcollens
In an era where technology plays such an important part of everyday life, the attorney needs to understand how to properly plan for a client’s digital assets. This presentation will discuss Michigan’s new Fiduciary Access to Digital Assets Act and how to incorporate it into your existing practice.
Originally presented at PRIMMA mobile privacy workshop, Imperial College London, 23 Sep 2010. Updated version given at Security and Privacy in Implantable Medical Devices workshop, EPFL, 1 April 2011, and a German Academy of Engineering conference in Berlin on 26 March 2012. Compact version given at Urban Prototyping conference, Imperial College London, 9 April 2013. Updated with ENISA privacy engineering report for 3rd Latin American Data Protection conference in Medellin, 28-29 May 2015.
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
Erasing you Digital Footprint - Using Michigan's Fiduciary Access to Digital ...gallowayandcollens
Could someone else, acting on your behalf, gain access to your digital assets? What if the person was deceased? Would you want them to be able to? Access to Digital Assets would be challenging, if not impossible, without a Fiduciary Access to Digital Assets law. Now that Michigan has enacted this Act, how will it effect your estate planning?
Privacy and Security by Design Spotlight Presentation at HIMMS Privacy and Security Forum, December 5th 2016. Presented by Jeff R. Livingstone, PhD, Vice President and Global Lead, Life Sciences & Healthcare, Unisys Corporation.
UCD Smurfit presentation: Cookies & Online PrivacyLara Zaccaria
An analysis on how online privacy matters for both consumers and marketers.
Presentation for the course "Digital Technology an Design"
Lecturer: Eoghan Nolan
Students: Eiva Orce, Matteo Balzarini and Lara Zaccaria
Lightning talk delivered to EDW14 on Data Privacy as an outcome to be achieved through effective data management. Proposed concept of "Value Proposition" as originally defined to be applied to Privacy, with Data Governance and other disciplines being part of the "Value Delivery System" to achieve balanced Key Resulting Experiences.
The Fiduciary Access to Digital Assets Act in Michigan: Now That We Have it, ...gallowayandcollens
In an era where technology plays such an important part of everyday life, the attorney needs to understand how to properly plan for a client’s digital assets. This presentation will discuss Michigan’s new Fiduciary Access to Digital Assets Act and how to incorporate it into your existing practice.
Originally presented at PRIMMA mobile privacy workshop, Imperial College London, 23 Sep 2010. Updated version given at Security and Privacy in Implantable Medical Devices workshop, EPFL, 1 April 2011, and a German Academy of Engineering conference in Berlin on 26 March 2012. Compact version given at Urban Prototyping conference, Imperial College London, 9 April 2013. Updated with ENISA privacy engineering report for 3rd Latin American Data Protection conference in Medellin, 28-29 May 2015.
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
Erasing you Digital Footprint - Using Michigan's Fiduciary Access to Digital ...gallowayandcollens
Could someone else, acting on your behalf, gain access to your digital assets? What if the person was deceased? Would you want them to be able to? Access to Digital Assets would be challenging, if not impossible, without a Fiduciary Access to Digital Assets law. Now that Michigan has enacted this Act, how will it effect your estate planning?
Privacy and Security by Design Spotlight Presentation at HIMMS Privacy and Security Forum, December 5th 2016. Presented by Jeff R. Livingstone, PhD, Vice President and Global Lead, Life Sciences & Healthcare, Unisys Corporation.
UCD Smurfit presentation: Cookies & Online PrivacyLara Zaccaria
An analysis on how online privacy matters for both consumers and marketers.
Presentation for the course "Digital Technology an Design"
Lecturer: Eoghan Nolan
Students: Eiva Orce, Matteo Balzarini and Lara Zaccaria
Lightning talk delivered to EDW14 on Data Privacy as an outcome to be achieved through effective data management. Proposed concept of "Value Proposition" as originally defined to be applied to Privacy, with Data Governance and other disciplines being part of the "Value Delivery System" to achieve balanced Key Resulting Experiences.
This is a Heuristic evaluation of an Indian online radio site called as BC radio. BC Radio's vision is to promote emerging artists which are not part of mainstream music industry. They support new talent while always preserving their rights as musicians and attempting to curb piracy of their content.
About the test:
A heuristic evaluation is a usability inspection method for computer software that helps to identify usability problems in the user interface (UI) design. It specifically involves evaluators examining the interface and judging its compliance with recognized usability principles.
We mainly used Think aloud method to come up with the insights.
eBusiness Club "Demystifying the EU Cookie Law presentation, GeldardsJon Egley
The eBusiness Club eBiz byte seminar delivered by Julian Turner, Senior Associate Solicitor with one of the country’s leading regional law firms Geldards demystifying both the legal issues whilst offering practical advice on how to implement effective solutions.
Dive deeper into the importance of privacy policies, their benefits for businesses, the potential penalties for inadequate policies, and the most efficient way to deploy them on websites. Read Guide: https://securiti.ai/what-is-a-privacy-policy/
On 26th May 2012 the UK will become subject to enforcement of a new EU cookie law. With a raft of options and unclear advice on what will and wont contravene the regulations, website owners are understandably concerned. Crafted cut through the confusion with sensible advice for all website owners on their responsibliities and options.
Privacy is a topic that inevitably emerges whenever people speak about technology or business. What is it, really? How can you build a program to support it and balance it within our businesses? This session will cover the basics of a privacy program for organisations, some of the more applicable regulations on privacy, how to find the right balance and how to begin to implement your program. We will also discuss how to position your privacy program as a business enabler, establish some lightweight internal governance processes as well as customer and employee communications and awareness, too. Bring your questions and cases to review and analyse.
Trends in Law Practice Management – Calculating the RisksNicole Garton
Presented by the CBA’s Legal Profession Assistance Conference, the Canadian Lawyers Insurance Association and the National Law Practice Management and Technology Section live via webconference.
The advantages of cloud computing, virtual or online law practices and unbundling of legal services are getting a lot of press – convenience to clients, reduced overhead expenses, remote access, and enhanced access to justice are among the benefits touted. But there are also very real and practical risks, and ethical implications, for each new tool or practice implemented. As these trends infiltrate legal practice in North America, lawyers and law firm leaders need to exercise due diligence to assess the potential risks and benefits.
Our panelists, Nicole Garton-Jones and David Bilinsky will provide a practical overview of these trends in law practice management. In doing so, they’ll provide you with tools to reduce the risk and identify the questions you need to ask yourself, as well as potential third party service providers, your insurers and your law society, when conducting your own risk-benefit analysis.
Register here: http://www.cba.org/pd/details_en.aspx?id=na_onfeb212
Keeping client confidences secure in the digital age is not always easy, but it certainly is necessary. It seems like there’s always some new technology tool or gadget that lawyers are told they “have to” learn. This program covers how to ethically use today’s technology and what emerging tools are important for lawyers to consider.
As the confluence of several mature and emerging technologies, the Internet of Things (IoT) is rapidly developing into a vibrant new marketplace. What are important considerations for technology, media, and telecom (TMT) companies as they compete for opportunities? This presentation covers:
• Questions TMT executives should be asking about impacts of IoT technologies, performance improvement opportunities, and where value can be generated.
• Building an IoT ecosystem where all players benefit – defining different players' roles and relationships, and already-successful tactics.
• Security and privacy challenges, including how data protection responsibility is assigned and monitored, and defining appropriate security and privacy standards.
Explore this quickly developing new opportunity for TMT companies.
Get more IoT insights: http://www.deloitte.com/us/iot_ecosystem
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Similar to Cookies and Data Protection - a Practitioner's perspective (20)
From Asset to Impact - Presentation to ICS Data Protection Conference 2011Castlebridge Associates
This is a presentation I delivered to the Irish Computer Society Data Protection Conference in February 2011 and again on a webinar for dataqualitypro.com in March 2011.
It looks (for what I believe was the first time) at the relationship between Information Quality and Data Governance principles and practices and the objectives of Data Protection/Privacy compliance. it includes my first version of the mapping of the 8 Data Protection principles to the POSMAD Information Life Cycle referred to by McGilvray and others in the IQ/DQ fields.
Presentation prepared for a webinar hosted by the International Association for Information & Data Quality (www.iaidq.org)
It looks a a few low cost, high practicality approaches to driving Information Quality change in your organisation.
Big Data - it's the big buzz. But is it dead on arrival?
In this presentation Daragh O Brien looks at the history of information management, the challenges of data quality and governance, and the implications for big data...
BYOD is all the rage, but our MD, Daragh O Brien, has a contrarian view.
BYOD places the emphasis on the devices and technology. This is wrong. The focus needs to shift back to the reason we have this technology in the first place - accessing and processing information.
By thinking "GATOR" (Give Access to Our Resources) we can broaden our thinking about the Who, How, Where, Why, and When of our information management regardless of how the device that is accessing it was procured.
This presentation was prepared and delivered for an awareness event hosted by Netspeed (www.netspeed.ie) and Aruba
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
4. What is a Cookie?
“…is usually a small piece of data sent
from a website and stored in a
user's web browser while a user is
browsing a website” (Wikipedia)
…”cookies are small, often encrypted
text files, located in browser directories”
(allaboutcookies.org)
“A cookie is information that a Web site
puts on your hard disk so that it can
remember something about you at a
later time.”
(http://searchsoftwarequality.techtarget.com/
definition/cookie)
5. What SI336 says…
• (3) A person shall not use an electronic communications network to store information, or to
gain access to information already stored in the terminal equipment of a subscriber or user,
unless
(a) the subscriber or user has given his or her consent to that use, and
(b) the subscriber or user has been provided with clear and comprehensive information in accordance
with the Data Protection Acts which—
• (i) is both prominently displayed and easily accessible, and
• (ii) includes, without limitation, the purposes of the processing of the information.
• (4) For the purpose of paragraph (3), the methods of providing information and giving
consent should be as user-friendly as possible. Where it is technically possible and effective,
having regard to the relevant provisions of the Data Protection Acts, the user‟s consent to
the storing of information or to gaining access to information already stored may be given by
the use of appropriate browser settings or other technological application by means of which
the user can be considered to have given his or her consent.
• (5) Paragraph (3) does not prevent any technical storage of, or access to, information for the
sole purpose of carrying out the transmission of a communication over an electronic
communications network or which is strictly necessary in order to provide an information
society service explicitly requested by the subscriber or user.
6. Which Means?
The Legislation
covers a LOT more
than just text
Cookies and
Browsers
7. • Flash Local Objects
• Apps storing data
• SQLite databases
• HTML 5
Local
Storage
• Traditional
browser cookies
(plus SQLite,
Flash, HTML5
• Traditional
• Data
browser cookies
logging
(plus SQLite,
• Usage
Flash, HTML5
data
8. Exceptions?
Strictly Necessary?
Information Society Service?
Explicitly Requested?
9. “So far, for 50 years, the
information revolution has
centered on data—their
collection, storage,
transmission, analysis, and
presentation. It has
centered on the "T" in IT.
The next information
revolution asks, what is the
MEANING of information,
and what is its PURPOSE?”
10. Directive does not specify how consent
Questions of Consent & Guidance
should be obtained.
ICO in the UK allowed “implied consent” at
the last minute.
A29 Working Group Opinion (subsequently)
focused on “informed consent”.
Guidance (to date) has focused on
traditional web browser and flash cookies.
11. DPC Guidance
• Non-third party cookies:
• Prominent Notice giving information on Cookies with ability to
click through and make an informed choice re: consent
• Cookies in General:
• Consent should be user friendly as possible
• Require clear communication about what the user is being asked to
consent to
• A means of giving or refusing consent to data being stored or
retrieved
12. Varying Degrees of Compliance
utilities
telecomms
media
legal
insurance
industry group
government
financial
consulting
charity
0% 20% 40% 60% 80% 100%
Mentioned in Privacy Statement No Notice Given Cookies Policy Cookie Notice
13. An example of Compliance Confusion
UK Website for a major multinational professional services
firm.
14. An example of Compliance Confusion
Irish Website of same Professional Services firm.
15. Announcement on 5th September by leading UK web design firm that developed a leading Cookie Compliance
solution
16. Don’t endorse this approach
But can understand
Screen grab of Silktide.com’s “No Cookie Law” website
(www.nocookielaw.com)
18. • Unaware of what needs to be
done?
• Aware but not willing to make
changes until their peers are
making changes?
19. Yes, I know we are not compliant but none of
our competitors are either. Given the limits on
our budgets we can‟t even begin to put those
changes on the table for discussion until our
competitors are also being forced to make the
change.
We don‟t see a “first mover advantage” here if
there is no enforcement and if the penalty is
less than the cost of development.
It doesn’t help that Government and EU
departments have failed to bring their
websites and mobile apps into
compliance.
20. A change of mind set and culture is
required
Compliance =
GOOD!! Cookies need to be seen as data assets
that your organisation wants to store in
someone else’s property
The focus needs to shift to PRIVACY not
the Technology. Meaning and intent of
the stored data is imperative
Professional bodies like IDMA can
promote good practice.
Regulators must enforce
Legal Counsel must look to the Meaning
and Purpose of Cookies
23. Self-Regulation Light Touch Rigid Rules
Need to learn from mistakes and
successes of other Regulatory
regimes and laws.
24. Evidence based policy
objectives and
governance requirements
are key
“The Information Commissioner Christopher
Graham has questioned the effectiveness of the
EU cookie directive, suggesting that it was
„dreamed up by politicians in Brussels‟ without the
appropriate market research to back it up.”
- quoted in TechWorld.com, 15/09/2012
25. "More and more citizens and
consumers are waking up to the
implications of sharing personal
data online," he said. "By fresh
thinking that recognises where
the consumer is coming
from, we can develop policies
that really work.“
(speaking at launch of “Data Dialogue” Report, Sept 2012)
27. Good Information Management culture
1. Recognise cookies as a data asset
• Bring in advisors who understand Data Governance principles if necessary
• Think “Privacy” first, then “Technology”
2. Think in terms of the process that is using the Data Asset
• Is the use of the asset essential to the objective/purpose of the process?
• Does the process require data to be shared with 3rd parties?
• How „invasive‟ is the process?
• Is the process adding value or creating risk?
3. Document
4. Promote transparency
• A GOOD Privacy Statement that can be read by HUMANS!!!
5. Keep under regular review
6. Consider spirit and intent of Directive, not just the literal interpretation.
7. Implement appropriate (often low cost) solutions to design compliance and
privacy controls into your processes.
8. Think about PRIVACY then about TECHNOLOGY