
Privacy and Security for Marketing

Privacy and Security for Marketing. Mark D. Rasch Director, Privacy and Security Consulting CSC – MRasch2@csc.com. #bridgeconf. John Wanamaker. “Half the money I spend on advertising is wasted. The trouble is, I don’t know which half.” Goals of Marketers.


Presentation Transcript


  1. Privacy and Security for Marketing Mark D. Rasch Director, Privacy and Security Consulting CSC – MRasch2@csc.com #bridgeconf

  2. John Wanamaker • “Half the money I spend on advertising is wasted. The trouble is, I don’t know which half.”

  3. Goals of Marketers • Obtain comprehensive, accurate and timely data about possible customers that includes: • Purchasing habits and predictions • Profile (race, age, orientation, income) that might influence purchasing • Information about readiness to buy • Location information

  4. Secret Goal of Marketers • NOT to sell to customer • BUT • To get customer to sell to others! • Thus, social marketing, Google, Facebook, etc.

  5. Don’t Be Evil? • Google’s new privacy policy effective March 1, 2012 • “if you’re signed in, we may combine information you’ve provided from one service with information from other services”

  6. Goog 411 • Free directory assistance • 1-800-GOOG411 • Business listings AND connection and direction • What does Google collect?

  7. Location Data + Desire • The Holy Grail of Marketing • Knowing WHO wants to buy • WHAT they want to buy • WHEN they are ready to buy and • WHERE they are going to buy

  8. Location Data • From apps • From IP address • From databases • Public Databases • Social Networking • From technology • Cell phone • EZ Pass • OnStar • From Surveillance

  9. US v. Antoine Jones • Government put GPS transmitter on car • No warrant (actually exceeded scope of warrant) • Monitored all activities for 28 days • No expectation of privacy?

  10. Supreme Court (January 24, 2012) • Majority (Scalia) – Placing Device on Car is trespass, and a “search and seizure” under 4th Amendment – warrant likely required. • Concur – Sotomayor – agrees that there was trespass but would go much further – even reexamine Smith v. Maryland • Alito (w/Ginsburg, Breyer & Kagan) – no trespass, harm was in monitoring

  11. Stingray • Spoof cell tower • Obtain ESN and signal strength • Learn location • No warrant, no subpoena • In use now US v. David Rigmaiden

  12. Footpath • Monitors cell phone of customers • Determines location of customers as they travel through the mall • “ping” cell phone for location data • In use in UK – claim that data is publicly disclosed

  13. 18 USC 3127 • “pen register” records or decodes dialing, routing, addressing, or signaling information (not content) • “trap and trace device” captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however, that such information shall not include the contents of any communication;

  14. Who Knows WHERE You Are? • OnStar • AT&T/Verizon/Sprint (as cell provider) • AT&T/Verizon/Sprint (as data provider) • Google (for maps, etc.) • EZ Pass • Red Light/Speeding/License Recognition • Parking Meters • Video Surveillance/Facial Recognition

  15. Who ELSE knows where you are? • Location aware applications • Intermediaries • Data Collectors • ISP’s • Other third parties

  16. What Do Marketers Want? • Surfing activity? • Purchasing Activity? • Social Networks? • Interactions with others? • Stores • Hospitals • Insurance • Others?

  17. Where Does Consumer Data Go? Source: The Future of Privacy Forum - http://www.futureofprivacy.org/2008/11/26/where-does-your-data-go-before-you-even-click/

  18. Amazon Kindle Fire • Browser is “cloud optimized” • Means ALL data travels through Amazon cloud services unencrypted • So, Amazon knows everything you look at, purchase, etc. • No limit on use/sale of that data

  19. Behavioral Targeting Activities Source: TRUSTe Whitepaper: Online Behavioral Advertising: A Checklist of Practices That Impact Consumer Trust

  20. Facial Recognition Marketing • Facial Recognition for targeting • Target ads based on identity or attributes • Coke Zero Facial Profiler – why are they doing this?

  21. Privacy remains extremely important to a majority of individuals. Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

  22. Are you familiar with the term “behavioral targeting”? Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

  23. When I am online, I am aware that my browsing information may be collected by a third party for advertising purposes. Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

  24. CMU Augmented Reality Experiment • August 2011 – Prof. Alessandro Acquisti, Ralph Gross, Fred Stutzman • Collected images of people walking around on campus • Used public databases

  25. Augmented Reality Publicly available with off the shelf facial recognition

  26. Augmented Reality Publicly available with off the shelf facial recognition

  27. But wait… there’s more… • With JUST the image of the passer-by, could obtain subjects’ • Name, address, telephone number • Photos of friends, house, neighbors, associates • Court records, license info., mortgage and assessment • Social Security Number!

  28. NORA • Harmonizes data • Looks for patterns • Links databases • Finds non-obvious patterns • Acts on patterns

  29. Sorrell v. IMS Health, Inc. • Facts • Drug companies use “detailing” • Vermont statute regulates “prescriber-identifying information.” Without consent: • Pharmacy can’t sell it (for marketing?) • Pharmacy can’t allow it to be used for marketing • Drug company can’t use it in marketing • Drug companies and data miners both sue • Similar Maine and N.H. statutes upheld • Second Circuit strikes down Vermont’s

  30. Sorrell v. IMS Health, Inc. • Heightened scrutiny • The creation and dissemination of information are speech • This content-based restriction is like a ban on selling cookbooks, lab results, train schedules • Detailers can’t do their job (speech) without this commodity (information); like banning a trade magazine from buying ink

  31. Privacy Principles • Respect Privacy • Data Subjects have a right to know what is being collected • Opt in/Opt Out • Protect Data • Data Accuracy • Don’t be creepy…

  32. Basic Principles of Privacy Personal data should not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose and proportionality.

  33. Transparency The data subject has the right to be informed when his personal data is being processed. The controller must provide his name and address, the purpose of processing, the recipients of the data and all other information required to ensure the processing is fair. • when the data subject has given his consent • when the processing is necessary for the performance of or the entering into a contract • when processing is necessary for compliance with a legal obligation • when processing is necessary in order to protect the vital interests of the data subject • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed • processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject. The data subject has the right to access all data processed about him. The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn't being processed in compliance with the data protection rules. (art. 12)

  34. Legitimate purpose Personal data can only be processed for specified explicit and legitimate purposes and may not be processed further in a way incompatible with those purposes.

  35. Proportionality Personal data may be processed only insofar as it is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. The data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; The data shouldn't be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use. When sensitive personal data (can be: religious beliefs, political opinions, health, sexual orientation, race, membership of past organizations) are being processed, extra restrictions apply. The data subject may object at any time to the processing of personal data for the purpose of direct marketing.

  36. In Summary • Don’t be evil • Transparency is good • Privacy can be your friend (and respect for privacy can be too) • In the end, MOST people don’t care that much… • A soldier will fight long and hard for a bit of colored ribbon. Napoleon Bonaparte

  37. For more information… Mark D. Rasch, Director, CyberSecurity and Privacy Consulting, CSC, 3160 Fairview Park Drive, Room 305, Falls Church, Virginia 22042. Tel: +1 301 547-6925, Fax: +1 240 209-5344, mrasch2@csc.com

  38. Closing Slide: Thank you and your contact info here Don’t forget to visit the Solutions Showcase! Many of the ideas discussed today are on display at the Solutions Showcase! #bridgeconf
