Jul
03
2015

Celebrating Privacy as One of Our Freedoms

PrivacySecurityFreedom

PrivacySecurityFreedom

By Alexandra Ross, The Privacy Guru

Where does privacy fit into our concepts of freedom, independence and democracy? Under what circumstances do we feel that our right to privacy – our “freedom from unauthorized intrusion” – has been violated?

Most of us consider privacy an essential component of freedom. As we approach this 4th of July holiday in the United States, it’s worth celebrating privacy as one of our fundamental freedoms and contemplating how we can maintain personal privacy in the modern world.

Many of us feel that privacy is a right – and it is delineated as such in the California State Constitution (although there is no express right to privacy in the U.S. Constitution). If we feel strongly about that right, what actions can we take to protect and maintain it?

We can be patriotic and at the same time voice concerns about government surveillance in the name of national security and prevention of terrorism. We can love and be proud of our country and still speak up against the creation of a surveillance state.

We can respectfully disagree with Eric Schmidt’s famous quote on privacy: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

It’s a delicate art and science to balance the societal and individual interests of privacy, security and freedom. If we value our privacy and wish to preserve one of our fundamental civilized rights we should remember: It’s OK to care about our privacy, even if we have nothing to hide.

 

Surveys Highlights Concerns

A recent NBC News Online Survey conducted during June 3–5, 2015 suggests our opinions on security and privacy are divided and in some ways contradictory. According to the survey:

“While 38 percent of Americans say the government’s surveillance program has gone too far in infringing on people’s privacy, 35 percent say the government’s program has been relatively balanced between privacy concerns and fighting terrorism. Another one in four Americans say the U.S. surveillance program has been too restrained in its efforts to combat terrorists.”

Privacy concerns remain an issue for both the government and the private sector. From the same survey:

“A slim majority of Americans – 53 percent – say they trust neither government agencies nor businesses like cellular telephone companies and internet providers to keep records of their phone calls or internet activity secure. Slightly more trust private business over government agencies – 21 percent to 11 percent, while another 14 percent trust both equally.”

The TRUSTe 2015 US Consumer Confidence Survey similarly found that consumer concern of the government and business is rising with 27 % reporting government surveillance as a top concern. According to the TRUSTE Survey, consumer trust remains low – 45% of respondents in the TRUSTe Survey felt that privacy was more important that national security. One of the ways reported to increase trust was enhanced transparency and choice: 22% noted a way to lower concern was for governments to be more transparent about how they are collecting and using data.

If we must trust the efforts of the government to provide us with national security, but possess significant reservations about the trustworthiness of both government and private industry to protect our information, it’s clear that we have an important role to play in the protection of our privacy.

Fortunately, we still live in a society that allows for intellectual debate and where we can influence our institutions to acknowledge our collective voice.

 

FISA Rules that NSA May Resume Bulk Collection of American’s Communications Data.

When we’re aware of privacy infringements, we have the power to protect our rights. Consider the case of the NSA’s telephone metadata collection program which was ruled illegal under the Patriot Act this May.

A three-judge panel ruled there was no evidence Congress intended for the “bulk collection of every American’s toll-billing or educational records and to aggregate them into a database.” Judge Gerard E. Lynch of the Second Circuit Court of Appeals said the government’s rationale could be used for many different types of records and that “the interpretation that the government asks us to adopt defies any limiting principle.”

Indeed, it was this impossibly broad interpretation which made so many Americans uncomfortable with the program. The idea that the government could aggregate and have at its disposal such a large and powerful dataset ran afoul of commonly held beliefs about liberty and privacy in the U.S. As this follow-up article in CNN reports:

“Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans,” [Judge] Lynch added. The court said that if that were required by national security, at the very least, such a “momentous decision” would be preceded by “substantial debate” and expressed in “unmistakable language.”

However, it appears that the continued bulk collection of citizens’ data is allowed – at least temporarily. After 180 days, the NSA will have to end the surveillance according to the USA Freedom Act. The United States Foreign Intelligence Surveillance (FISA) Court rejected the promising court decision from the Second Circuit where NSA data collection was found to be illegal. Judge Michael W. Mosman of the FISA court wrote:

“Second Circuit rulings are not binding on the FISC and this court respectfully disagrees with that court’s analysis, especially in view of the intervening enactment of the USA Freedom Act,”

It may run contrary to a post-9/11 mindset which implicitly values security over privacy, but transparency and public debate are an essential part of protecting a democracy. The Second Circuit court’s decision regarding the NSA program was a step in the right direction – and the FISA court’s decision is a disappointment.


Reflect on Your Privacy Rights this Independence Day

Consider integrating these habits as part of your privacy practice:

  1. Be grateful for the freedoms we enjoy.

A gratefulness practice includes appreciating our freedoms in our thoughts, words and actions. We can respect our government, be thankful for the freedoms we enjoy, and take steps to ensure such freedoms are valued and protected. This includes the freedom from unreasonable surveillance.

  1. Express your independence.

Don’t be afraid to question our government. Remind yourself to continue to inquire about the intent, scope and oversight of surveillance programs. Take responsibility by challenging instances where you feel our government has not struck the right balance between privacy, security and freedom.

  1. Be proactive.

Speak up and take action in support of your beliefs.

Consider using the technology and practices suggested by the Electronic Frontier Foundation’s “Surveillance Self-Defense” website. It contains “tips, tools, and how-tos for safer online communications.” Reflect on the perspective on encryption and surveillance of privacy advocate Phil Zimmerman (co-founder of the global encrypted communications firm, Silent Circle.)

This Independence Day celebrate privacy as one of your personal freedoms.

 

Image courtesy of blog.radware.com

Jul
01
2015

Finding a New Paradigm – Consent and Choice for the IOT

At the IoT Privacy Summit on July 17 a panel of four data privacy experts discussed, “Finding a New Paradigm – Consent and Choice for IoT.” The panel consisted of Marc Loewenthal, Director, Promontory Financial Group LLC; Emilio Cividanes, Partner, Venable LLP; Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe; and Erin Kenneally, Founder & CEO Elchemy, Inc., University of California at San Diego.

Consent

Old world technologies such as corporate telephone systems give clear notice that your conversation may be recorded. Callers can act on that information by hanging up or proceeding with the call thereby giving an implied consent to the possible recording of the conversation. The main consideration when providing consumer notice is that it is conspicuous and prior in time to the collection/use of data. A good example in mobile is Geo-location notice. Consumers see a pop-up notice that they can act upon that requests access to their location information and they can deny such access.

In the IOT it is fundamental to understand the nature of the information and the links between all of the entities that have legitimate interest in that data. One panelist felt that a consumer may not have to know every piece of data that is being collected and shared, but does have a right to have their data used in a way consistent with their expectations. Some saw notice in the IOT context evolving into a set of obvious symbols inferring what is happening with the data, which is in line with the proposed EU General Data Privacy Regulation (GDPR).

Read the rest of this entry »

Jul
01
2015

July Spotlight Events – Live Demos, Webinars

Education concept: Knowledge Transfer on keyboard background

Education concept: Knowledge Transfer on keyboard background

  • July 9, 10-11 a.m. PDT

Live Demo: TRUSTe Assessment Templates
Webinar

Assessment Manager offers a comprehensive, preloaded privacy templates let you immediately assess popular use cases. Conditional logic and controls mapping let you ask the right questions the first time.

Each template is purpose-built for a unique assessment use case, taking advantage of years of experience in providing data privacy management solutions for our customers. In this session a TRUSTe privacy expert will walk you through our methodology in designing our templates and the proper application for each use case.

Join us for a demo and learn more about:

  • EU Cookie Directive Assessments
  • U.S.- EU Safe Harbor Assessments
  • Privacy Threshold Assessments
  • Privacy Impact Assessments
  • Data Breach Assessments
  • Data Classification, Disposal and Retention Assessment
  • And more

Register here.

 

  • July 16, 10-11 a.m. PDT

Live Demo: Website Monitoring Service
Webinar

The TRUSTe Website Monitoring Service is a proven solution used by enterprise class, Fortune 1000 customers to monitor and control data collection across their digital assets. TRUSTe supplies highly actionable data that is scalable, user friendly, cost-effective and relevant to all business models.

Join us for a demo and learn more:

  • What Tracking technologies are uncovered [cookies, flash cookies (LSO’s), web beacons, pixel tags, device fingerprinting]
  • How do these tracking vendors get to your site
  • How can you manage these vendors effectively
  • What Personal Information (PI) is being collected, where is it being collected and is it secure.

Register here.

 

  • July 23, 10-10:30 a.m. PDT

Live Demo: Cookie Consent Manager
Webinar

Cookie Consent Manager provides the leading EU Cookie Directive solution designed for legal, privacy, marketing, IT, information security, and compliance professionals within enterprise brands, publishers and website operators.

Our online portal helps you deliver a consumer-friendly customizable user interface for informed consent regarding the collection and use of personal information.

Join us for a demo and learn more about:

  • Easy-to-use self-service portal for simple reporting and maintenance
  • Customization of consent notice, interface, and messaging
  • Enhanced views for consumers to identify which advertisers are behaviorally targeting them
  • Options to integrate directly with tag management platforms such as Signal. TRUSTe also supports Google, Adobe, Tealium, and Tagman

Register here.

 

  • July 23, 11 a.m. – 12 p.m. PDT

Understanding the FTC on Privacy and Security
Webinar

This webinar is part of TRUSTe’s long-running Privacy Insight Series.

Register here.

 

 

  • July 30, 10-11 a.m. PDT

Privacy Impact Assessments: Insights From Benchmarking Global Companies
Webinar

Privacy Assessments are the backbone of a great data privacy management program and according to recent research, the average company conducts 59 Privacy Impact Assessments (PIA) per year. However there are a wide variety of assessment types and for many companies there is still little clarity as to when and how these should be used.

This web conference will share further insights into how top global companies are using privacy assessments from the TRUSTe 2015 Privacy Assessment Benchmarking Study and how they can benefit your organization. A panel of experienced speaker will discuss how they are using privacy assessments, some of the challenges they have faced and how they have overcome these. Join this web conference to evaluate your privacy management, gain insight on what other organizations are doing, identify gaps and report with confidence on the status of your privacy program to management.  Speakers include:

  • Tom Widgery, Director of Privacy & Information Security Governance, SVB Financial Group
  • Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe
  • Nina Barakzai, Group Head of Data Protection & Privacy, BSkyB
  • Abhishek Agarwal, Chief Privacy Officer, Baxter International

Free for IAPP members. Register here.

Jun
30
2015

End of Month Recap: What You Might Have Missed

Privacy

At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. 

Privacy

The month of June was a big month for privacy events. Namely, the IoT Privacy Summit 2015 in Menlo Park, CA. We posted a recap of the event the day after along with some of the many photos we took. TRUSTe privacy experts covered numerous sessions at the Summit and wrote blog posts thoroughly explaining the issues each panel discussed. So far we’ve published one of those blog posts (‘Can Self-Regulation Meet Privacy Challenges of IoT?‘) — we’ll post the other blog posts in the following weeks, so subscribe to the blog if you haven’t already. See below for some other blog highlights.

Read the rest of this entry »

Jun
25
2015

Privacy Ecosystem Map Highlights Evolving Market to Address Growing Challenges

EcosystemMap

EcosystemMap

By Dave Deasy, VP, Marketing at TRUSTe

There are many players in the privacy ecosystem. From regulatory agencies to law firms to technology companies – and each entity plays an essential role in managing the balance between business use of data and consumer data protection.

Over the past few years the privacy ecosystem has grown rapidly and keeping track of the various organizations and range of solutions has grown unwieldy. In order to better understand the ecosystem, TRUSTe has developed the Privacy Ecosystem Map.

Read the rest of this entry »

Jun
24
2015

Meet TRUSTe: Chris Babel, CEO

chris_blog

Over the past six months we have given you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. This week we conclude the series with our CEO Chris Babel.

chris_blog

How long have you worked at TRUSTe? It will be 6 years this December.

Tell us about your role at TRUSTe. As CEO, I’m responsible for setting strategy, vision and direction for the company. This encompasses everything from what markets to enter, what products to deliver to help our customers succeed and how to differentiate TRUSTe. Critical to succeeding is our culture and team, as the best strategy in the world still loses without great execution from people who understand the company direction and are passionate about our shared success. On a daily basis this can vary dramatically from meeting externally with customers or prospects to improve our market knowledge or internally hosting our monthly “Beer with Babel” meeting where employees can directly or anonymously submit any question they have about the company and our direction.

How has your role changed over time? When I started at TRUSTe, we had just transitioned from a non-profit organization with 60 employees and were just starting to build our technology platform. Today, we have about 175 employees with more people in product and engineering than we had in the whole company five years ago. Managing the transition to a full-fledged technology company and transitioning the culture with the market concerns around privacy exploding has been a massive change to TRUSTe and exciting challenge.

Read the rest of this entry »

Jun
23
2015

Can Self-Regulation Meet Privacy Challenges of IoT?

Privacy

By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe

Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit in Menlo Park, CA on Wednesday. The panel, moderated by Nancy Libin, former Chief Privacy Officer of the Department of Justice, contained a diverse array of privacy professionals from private, public, and, non-profit backgrounds. Panelists included Alex Reynolds, Director and Regulatory Counsel, Consumer Electronics Association; Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology; Hilary Cain, Director of Technology & Innovation Policy, Toyota Motor North America, Inc.; and Nithan Sannappa, Senior Attorney, Federal Trade Commission.

The panelists largely focused on the recommendations presented in the Federal Trade Commission’s January 2015 report titled, “Internet of Things: Privacy and Security in a Connected World.” There are three main principles from the report touted as a workable privacy standard for IoT device manufacturers: 1) Security; 2) Data Minimization; and 3) Notice and Choice.

The FTC has historically enforced reasonable security as a part of its unfair practices purview. In the context of IoT devices, what is deemed reasonable is largely based on context. What types of information is the device collecting? Is it sensitive personal information (e.g., geolocation, protected health information, etc.)? What quantity of data is collected? The higher the risk profile associated with the data collected then the stronger the protections required on a device.

Read the rest of this entry »

Jun
17
2015

2015 IoT Privacy Summit Recap [PICS]

IoTSummit15(1)

IoTSummit15(1)

Here’s an interesting thought: If you buy a home 10, 20 or 30 years from now and the home contains a smart fridge and other smart appliances — who will own that data? The buyer or the seller?

This is just one of the many thought-provoking scenarios shared at this year’s IoT Privacy Summit.

IoTSummit15(4)

The day began at 9 a.m. with one opening session in a large room at the beautiful Rosewood Hotel on Sand Hill Road in Menlo Park. Then, for most of the day, the room was separated into two rooms where numerous sessions and panels on a wide variety of hot IoT topics took place. Panelist covered topics including smart cars and privacy considerations for the future; smart homes and how to prevent ‘bandits’ from accessing that information; how privacy leaders can prepare for the next wave of IoT innovations through best practices, as well as the issues the latest IoT inventions might create.

Read the rest of this entry »

Older posts «