© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Predictive Analytics, Privacy & You:Creeping Up On Creepy
Christopher Surdak, JD, Global Subject Matter Expert
13 February, 2015
© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2
Your 15 Minutes of Fame?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
How Are Security and Privacy Different?
Security
• Authentication
• Access controls
• Availability
• Confidentiality
• Integrity
• Retention
• Storage
• Backup
• Incident response
• Recovery
Protection
Mechanisms
Privacy
“Individual Rights”
• Fairness of Use
• Notice
• Choice
• Access
• Accountability
• Security
Handling
Mechanisms
Many Privacy Laws Also Restrict Trans-Border Data Flow of Personal
Information
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
Wherefore Art Thou, Privacy?
We are:• Mobile: Connectivity, every-where, every-when
• Connected: All of our relationships, business, family,
personal, are managed through Social Media
• Exposed: People share remarkable details about
themselves online
• Dependent: Technologies ingrained into our very lives
We are:• Vulnerable: Constant, persistent attacks against our
information
• Product: Our information is the basis of an entire
economic structure
• Unarmed: We have few tools to manage our digital
lives
• Unaware: Of our actual level of exposure and
vulnerability
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
Changing ExpectationsUSC Annenberg Center for the Digital Future:
70% of Millennials say no one should have access to
their data or online behavior.
Yet:
• 25% will trade it away for more relevant advertising
• 56% will share their location for coupons or deals
• 51% say they’ll share information with companies if
they get something in return.
The Privacy Paradox
I demand “deep personalization”
• What I want
• Where I want
• When I want
• How I want
I expect privacy
• Anonymity
• Freedom
• Protection
Pick *ONE*
because you can’t have both!
What is for sale?
Top 6 Companies in the World, by Market Capitalization, June 2014 (Source, PwC)
What do they Sell?Who?Rank
Phones?1
Oil2
Nothing?3
Money4
Oil5
Stuff6
Companies like Google, Facebook, Yahoo, Twitter and Microsoft (Bing) spend tens of billions of dollars per year on servers, storage, networking and electricity
How much did you pay to use their services?
YOU ARE THE PRODUCT!
Changing Expectations
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Six Challenges of “The New Normal”
Purpose: Support customers’ need for and sense of purpose.
Quality: Consumers expect perfection. Deliver less and your customers will abandon you
forever.
Ubiquity: Globalization means anything, anywhere, anytime. Anything less is
unacceptable.
Immediacy: Immediate gratification. “There’s an app for that” instantly, predictively.
Disengagement: Don’t build, don’t run, don’t outsource, don’t care. I only buy a result.
Intimacy: Customers hunger for other forms of connectedness. Feeling like part of a
community will be even more important as our needs are met more anonymously.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
The Customer Engagement Continuum
Timing:
Topic:
Purpose:
Value:
Reactive Responsive Predictive Persuasive
Past Present Future Future
What has
happened
What is
happening
What might
happen
What should
happen
Understand
the Past
Understand
the Present
Understand
the Future
Change the
Future
What worked
before may
work again
Is there an
opportunity
right now
Is there an
opportunity
coming
Can I create
an opportunity
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
Creeping Towards Creepy
What’s the Issue, What’s at Stake?
• E-
Coupons
Creepiness
The best companies must walk the razor’s edge between these two extremes
Intimacy
• I-Coupons
• “Liking” • Geo-
Tracking
• Predictive Shipping
• Suggestion lists • Cookies
• Reverse Grouponing • Behavior Modeling
• Behavior Manipulation• Needs Anticipation
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
Innovation Outpaces Morality?
“Like” this if you feel violated…
Why Care?
What if analytics and
predictive technologies can change customer behavior
1%?
$18 billion in increased revenue!
Cha-Ching!!!
In reality, these technologies
easily double or triple results
Can changes to the customer
environs double their
purchases? Triple? Do you know?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
The Big Data balance sheet
Monetize
Differentiate
Personalize
Monitor
Meter
Optimize
Predict
…and more
Regulate
Comply
Control
Secure
Address
Ensure
Assets Liabilities
Are the Kids Alright? High School
And College?
And After That?
Everything, Forever
There is NO DELETE on the Internet!
You CANNOT take it back!
When someone looks you up,
they don’t see how old the
information is
The current trend is to analyze
what you type, BEFORE you
send it!
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21
Many regulations require that Personal Identifying Information (PII) be anonymised before use for other purposes:
• PIPEDA
• FOIPPA
• US HIPPA
Is it Really Possible to Anonymise Data?
Complete Data Anonymised DataAnonymised Set 2
Anonymised Set 1
Consolidated Data Reanimated Data
Part 3 — Consent
Consent required
6 (1) An organization must not
• (a) collect personal information about an individual,
• (b) use personal information about an individual, or
• (c) disclose personal information about an individual.
(2) Subsection (1) does not apply if
(a) the individual gives consent to the collection, use or disclosure,
(b) this Act authorizes the collection, use or disclosure without the consent of the individual, or
(c) this Act deems the collection, use or disclosure to be consented to by the individual.
BC PIPAProvision of consent7 (1) An individual has not given consent under this Act to an organization unless
(a) the organization has provided the individual with the information required under section 10 (1), and(b) the individual's consent is provided in accordance with this Act.
(2) An organization must not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service.
(3) If an organization attempts to obtain consent for collecting, using or disclosing personal information by
(a) providing false or misleading information respecting the collection, use or disclosure of the information, or(b) using deceptive or misleading practicesany consent provided in those circumstances is not validly given.
Implicit consent8 (1) An individual is deemed to consent to the collection, use or disclosure of personal information by an organization for a purpose if
(a) at the time the consent is deemed to be given, the purpose would be considered to be obvious to a reasonable person, and(b) the individual voluntarily provides the personal information to the organization for that purpose.
(2) An individual is deemed to consent to the collection, use or disclosure of personal information for the purpose of his or her enrollment or coverage under an insurance, pension, benefit or similar plan, policy or contract if he or she
(a) is a beneficiary or has an interest as an insured under the plan, policy or contract, and(b) is not the applicant for the plan, policy or contract.
(3) An organization may collect, use or disclose personal information about an individual for specified purposes if
(a) the organization provides the individual with a notice, in a form the individual can reasonably be considered to understand, that it intends to collect, use or disclose the individual's personal information for those purposes,(b) the organization gives the individual a reasonable opportunity to decline within a reasonable time to have his or her personal information collected, used or disclosed for those purposes,(c) the individual does not decline, within the time allowed under paragraph (b), the proposed collection, use or disclosure, and(d) the collection, use or disclosure of personal information is reasonable having regard to the sensitivity of the personal information in the circumstances.
(4) Subsection (1) does not authorize an organization to collect, use or disclose personal information for a different purpose than the purpose to which that subsection applies.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.23
Do You Read Your EULAs?
The Language in End User
License Agreements
(EULAs) are broad, open to
a range of interpretations,
and are designed to allow
vendors to make money
from your data
FaceBook EULA
Sharing Your Content and Information
You own all of the content and information you post on Facebook, and you can
control how it is shared through your privacy and application settings. In
addition:
For content that is covered by intellectual property rights, like photos and
videos (IP content), you specifically give us the following permission,
subject to your privacyand application settings: you grant us a non-
exclusive, transferable, sub-licensable, royalty-free, worldwide license to
use any IP content that you post on or in connection with Facebook (IP
License). This IP License ends when you delete your IP content or your
account unless your content has been shared with others, and they have
not deleted it.
As of 12 February, 2015
About Advertisements and Other Commercial Content Served or Enhanced by Facebook
Our goal is to deliver advertising and other commercial or sponsored content that is
valuable to our users and advertisers. In order to help us do that, you agree to the
following:
You give us permission to use your name, profile picture, content, and
information in connection with commercial, sponsored, or related content (such
as a brand you like) served or enhanced by us. This means, for example, that
you permit a business or other entity to pay us to display your name and/or
profile picture with your content or information, without any compensation to
you. If you have selected a specific audience for your content or information, we
will respect your choice when we use it.
We do not give your content or information to advertisers without your consent.
You understand that we may not always identify paid services and communications
as such.
AmendmentsWe’ll notify you before we make changes to these terms and give you
the opportunity to review and comment on the revised terms before
continuing to use our Services.
If we make changes to policies, guidelines or other terms referenced in
or incorporated by this Statement, we may provide notice on the Site
Governance Page.
Your continued use of the Facebook Services, following notice of the changes to our terms, policies or guidelines, constitutes your acceptance of our amended terms, policies or guidelines.
Special Provisions Applicable to Users Outside the United States
We strive to create a global community with consistent standards for everyone,
but we also strive to respect local laws. The following provisions apply to users
and non-users who interact with Facebook outside the United States:
You consent to having your personal data transferred to and processed in
the United States.
If you are located in a country embargoed by the United States, or are on
the U.S. Treasury Department's list of Specially Designated Nationals you
will not engage in commercial activities on Facebook (such as advertising
or payments) or operate a Platform application or website. You will not use
Facebook if you are prohibited from receiving products, services, or
software originating from the United States.
By using or accessing Facebook Services, you agree that we can collect and use such content and information in accordance with the Data Policy as amended from time to time.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.25
Google’s EULAFrom Support.Google.com; 8/11/2014
Device & app historyAn app can use one or more of the following:
Read sensitive log data
Retrieve system internal state
Read your web bookmarks and history
Retrieve running apps
Cellular data settingsAn app can use settings that control your mobile data
connection and potentially the data you receive.
IdentityAn app can use your account and/or profile information on your
device.
Identity access may include the ability to:
Find accounts on the device
Read your own contact card (example: name and contact
information)
Modify your own contact card
Add or remove accounts
Contacts/CalendarAn app can use your device's contacts and/or calendar information.
Contacts and calendar access may include the ability to:
Read your contacts
Modify your contacts
Read calendar events plus confidential information
Add or modify calendar events and send email to guests without
owners‘ knowledge
LocationAn app can use your device's location.
Location access may include:
Approximate location (network-based)
Precise location (GPS and network-based)
Access extra location provider commands
GPS access
PhoneAn app can use your phone and/or its call history.
Note: Depending on your plan, you may be charged by your carrier
for phone calls.
Phone access may include the ability to:
Directly call phone numbers; this may cost you money
Write call log (example: call history)
Read call log
Reroute outgoing calls
Modify phone state
Make calls without your intervention
Photos/Media/FilesAn app can use files or data stored on your device.
Photos/Media/Files access may include the ability to:
Read the contents of your USB storage (example: SD card)
Modify or delete the contents of your USB storage
Format external storage
Mount or unmount external storage
Camera/MicrophoneAn app can use your device's camera and/or microphone.
Camera and microphone access may include the ability to:
Take pictures and videos
Record audio
Record video
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.26
Case Study: License Plate Recognition
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.27
Used in association with ANPR
Vehicle Recognition
• Match Make and/or Model
– Easy to train
– Real-time matching
• Alert or Search for Vehicle without
registration
• Validate database using ANPR result to
identify illegal plated vehicles
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.28
Face Recognition Demo: Office Entrance
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29
Use case – Police surveillance
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30
Use Case – Counting and Access control
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31
What to expectA Framework for Privacy Management
Disclosure: Companies would notify consumers in detail what is collected, how frequently, by whom, and how it may be used.
Transparency: Consumers would be notified when their data is being used, in real time, to influence their opinions or actions.
Recourse: Consumers would be allowed to adjust how their data is used to suit their own comfort level. This would mean no more blanket authorizations when a user downloads an app or signs up for an account.
Monitoring: Consumers must be able to confirm that businesses respect their wishes.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32
Disruption is Guaranteed
Are you disrupting,
or
being disrupted?
Email: [email protected]
Twitter: @csurdak
M: 714.398.4874
If you’d like to learn more, check out “Data Crush,” from AMACOM
Publishing,
getAbstract’s International Book of the Year, 2014
Also see my columns in European Business Review Magazine,
Dataconomy.com and my blog posts on HP.com
Thank You