“Privacy Protection: The Consumer Side of Security”
A Panel with Michael Buhrmann, CEO and Chairman, Finsphere; Kristy Edwards, Senior Director, Global Privacy and Information Security, Oracle; Tom Malloy, SVP and Chief Software Architect, Advanced Technology Lab, Adobe Systems; Sim Simeonov, Co-Founder, Evidon; and Steven Sprague, CEO, Wave Systems; hosted by Jonathan Ewert, CEO, Codero
SS: Really important to generate stronger controls. Concept that anything sent to the cloud now belongs to someone else is not viable; it will change. Really haven’t thought this through well yet. Devices are missing protection things like control vaults.
SimS: Debate has been focussed a lot on data ownership, but the problem is more complex than that. Multiple parties, see, touch, use data. Problem of minimizing data leakage: in a single ad there are dozens of parties that touch the user’s machine. In the process of using an ad, data leaks. Information about an individual winds up infused throughout the system, winds up in the hands of many parties without any visibility.
Who has the most to lose? Advertisers, brands. Entities visible to the consumer have the most to lose. Most start up innovators have the most to lose. Incentives of party ecosystem are not aligned. The way data affects computers isn’t accounted for in the system.
MD: In current ad ecosystem, youre guessing the intentions of millions of people. If you put people in control of their data, they’ll actually do better data. Most data is joint. Not a subtle question in law yet. Need agents working on your behalf to help you aggregate and control your data, controlled by you and how its connected to commercial and other entities. Right types of control over data. There is an emerging understanding that we are in the midst of a radical shift and economics becomes much more feasible.
KE: Data is being created all the time– on an inverse path from oil. We are all producers in our personal and corporate lives. Refiners: SMEs, large enterprises, etc. Everyone is a consumer. Data as a commodity– more data on your website and more ad dollars, vs. risk of security breach in data collection.
Responsible companies should choose right partners and advisors, make smart tech investments, figure out what and where are your assets, protect assets, defense in depth.
KE: EU directive came out 15 years ago. Now there are 27 states involved, all with own version of privacy laws. Regulators wanted control within the country at time of adoption, but now shifting to a new more globalized ecosystem approach. Focus is on the Collector, but also the consumer.
MD: Just starting to form a legitimate system.
JE: This all becomes more complex with volume of devices. Given complexities of data generation, how will this all shake out without mobile standards?
MB: There are standards, just not published. In the us and globally, the purpose of the data determines security of data. Eg 911 locational data. With a location based advertising, you have to ask consumer for permission. Expectation that CC companies protect you using your data. Companies must build up trust. Largest companies are most trusted and have more data.
JE: Will I be in control of my data if I can subscribe to a helpful service?
SimS: Healthcare and biotechnology have a hard time having control of information. Location-based services should require opt-in. 200 pieces of data take part in LDS. No proof that data is open. Should be trying to move to a world of an accountable info supply chain. Then you can attach controls.
SS: So systemic across the board — digital rights management. Same problem for HBO and inappropriate FB pictures. The amount of investment and collaboration needed is 2-3 orders of magnitude more than currently in place. Let’s get down to business.
MD: Shifting from a harm model to information ownership. We live in a feudal society– you dont own any of your data. You’re a data serf. The breakthrough is the enlightenment.
JE: Whose data is it anyway?
TM: No one has the answer about mechanisms to achieve data ownership systems. Control of data: depends on piece of data. Some are reasonable to expect to own, but others we have no right of ownership. ie. Fact that you have committed a crime. Ownership will devolve to different entities.
In addition to ownership, value needs more exploration. Value is accrued based on consumer profiles in fairly canonical way on the internet. That value prop will evolve and change in interesting ways. Consumer has a right to engage more directly in those values.
Understanding transparency is key to understanding value. Now, it’s opaque environment. That will change sooner than sorting out issues about ownership and value. That will be a big enabler to move to next stage.