Date posted: 13-Feb-2017
Category: Data & Analytics
Uploaded by: aurelie-pols
@aureliepols
Would you lie to your physician?
Aurélie Pols, Superweek February 2016

Monkey reporting on remote-controlled data cows?
Aurélie Pols, February 2016
Superweek.hu
http://www.theguardian.com/technology/2016/jan/30/europe-google-facebook-technology-ethics-eu-martin-schulz

Let’s Play a Game: Are you willing to give & allow storage of this data about you?
1. My first and last name
2. My birthdate
3. My current home address
4. My bank account info
5. All of my online searches
6. All websites I have ever visited
7. The names of everyone I communicate with (email, Skype, app, chat, snap, call)
8. Names, phone numbers and photos of everyone I know
9. Where I am and where I’ve ever been
10. The content of all my communication with others at all times
Source: not my questions! https://www.youtube.com/watch?v=BVM]zKnSgs

Would you lie to your physician?
Aurélie Pols, Superweek February 2016

I do! (lie to my doctor)
When it applies to me!
Not for what’s most dear…

Risk averse for my children
• My most precious assets
• We share common goals
• And speak the same language
Could you say the same of your Legal Counsel?

Consider before crucifying the Rule of law
1. The specifics of data as an Economic Asset:
   • Data is infinitely transferable without decay
2. Often forgotten Legislative Challenges
   • Defining and recognizing Data Harms
3. Related to evolving Privacy Legislation
   • Compliance is a Risk Exercise
4. Minimizing Privacy related Risks
   • YOUR liability within the Data Ecosystem

I’m not here to define Privacy
Analytics
Privacy (& Data Protection)

Fact remains: RACI matrices
• Legal counsel will be held accountable
• Legal counsel should be consulted

R: Responsible
   • Who is/will be doing this task?
   • Who is assigned to work on this task?
A: Accountable
   • Whose head will roll if this goes wrong?
   • Who has the authority to take the decision?
C: Consulted
   • Anyone who can tell me more about this task?
   • Any stakeholders already identified?
I: Informed
   • Anyone whose work depends on this task?
   • Who has to be kept updated about the progress?

In a world of dynamic regulation
Two fundamental Data Privacy questions:
1. How far is too far (for data use & transparency)?
2. Who will decide (what is acceptable)?

If I had 1 £ for every time I heard…
1. Yes but we don’t collect PII
2. International data transfers? Safe Harbour!

So what to do? 1 rules them all
• Transparency
• Choice
• Information review & correction
• Information protection
• Accountability

There is no PII NOC list, get over it!
Sensitive data? A wash list of controversial variables!

PII vs. Risk Levels
[Figure labels: Risk Level; Data type; Information Security Measures; "Getting closer to uniquely identifying an individual"]
• DIGITAL EXHAUST: Low Risk
• OBA: Medium Risk (profiling)
• HIPAA HEALTH DATA: High Risk (sensitive)
• FCRA CREDIT SCORING: Extremely High Risk (profiling of sensitive data)
US: if/then exercises PII

Where to start?
1. Define yourself
   • Who are you in the data ecosystem?
   • What are your obligations?
   • What is expected of you?
   • (Who can find out?)

Where to start?
2. Document your Digital Entanglement
High-level mock-up of existing client.
Next steps:
   ✓ Terms & sovereignties
   ✓ Data points & access/sharing
   ✓ Purpose & Consent
   ✓ Data retention periods

Where to start?
3. Align your liabilities:
   • What do the terms allow?
   • Which data points are you collecting?
   • Which clauses are being used (International data transfer mechanisms: Safe Harbour)?
   • Who has access? Data sharing
   • …

Where to start?
4. Don’t drop the ball on Purpose and Consent!
What happens if opt-out of email list? https://support.google.com/adwords/answer/6276125?hl=en
UK: Optical Express bought “consented” data from Thomas Cook
See ICO PECR: https://ico.org.uk/for-organisations/guide-to-pecr/introduction/what-are-pecr/

Where to start?
5. Understand your risk
   • Of legal issues: fines, class actions
     Schleswig-Holstein DPA considers Safe Harbour clauses today unacceptable + can’t be replaced by model clauses either => is this a risk for your company?
   • Of customer backlashes: unexpected/creepy data uses
     Target: using shopping behavior to define pregnancy state (sensitive data) => consent!

Where to start?
6. Document, train & communicate
   • If asked, be able to show you’ve done your homework
   • Define accountability (data stewards) & escalation procedures
   • Explain & ask for help: your company is the patient!

We all hated the “cookie Directive”, right?

Find out where the next Data Privacy challenges lie
For you: Piwik webinar
https://piwik.pro/c/privacy-webinar/
For your colleagues: IAPP webinar
https://my.iapp.org/nc__event?id=a0l1a000000nDWsAAM

LET’S START THE DISCUSSION
Thank you for your attention!
THANK YOU FOR LISTENING!