Page 1
Enterprise Tag Management Enterprise Tag Management
Kevin Trilli VP of Products TRUSTe
Craig Spiezle Executive Director & President Online Trust Alliance
PANEL Think Houdini: Untangling
Website Privacy & Compliance
Moderator: Des Cahill VP Marketing, Ensighten
Page 2
#agility2013
Our Panelists
Kevin Trilli
– VP Product – Truste – Privacy for Ads, Data, Mobile, Website
Craig Spiezle
– Executive Director, Founder and President – Online Trust Alliance
Page 3
#agility2013
Where you want your brand
Page 4
#agility2013
Privacy - Why Care?
Data driven economy – “Big Data” Blurring of on & off-line data Evolving definitions of PII Consumer shift to mobile devices Reliance on service providers & cloud services. Increased sophistication of the cyber-criminal
– Competitors
Page 5
#agility2013 Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
Privacy impacts your customers
55% 39%
6% A really important issuethat I think about often
A somewhat importantissue that I think aboutsometimes
Not much of an issue / Ihardly ever think about it
94% of Consumers Worry About Their Privacy Online
Page 6
#agility2013
Topic: Data Breach
Page 7
#agility2013
2011 Acquisition of Borders delayed due to questions over privacy rights of 46M email subscribers
2011 Google settles FTC charges over “Google Buzz” privacy issues; company gets 20-year oversight period
2011 Apple and Google weather “location gate” privacy scandal over their mobile devices. Apple changes collection practices in response.
2011 Netflix faces multiple privacy lawsuits over its data storage practices.
2011 OnStar forced to reverse location tracking policy following privacy outcry
2011 Broken Thumbs Apps settles FTC charges that it violated children’s privacy law – company is fined and forced to destroy the data
2011 nebuAd settles $2.4 million privacy lawsuit over behavioral targeting practices
2011 Playdom fined $3 million for violating children’s online privacy
2012 Path social network app accessing address books without permission
Data privacy breakdowns hurt your business
2012 Delta sued by CA AG for insufficient privacy policy disclosures
Page 8
#agility2013
OTA 2012 Data Breach Highlights
1478 breaches (Open Security Foundation) – 26% due to internal losses – 43% targeting non business entities
62.7 million records exposed (OTA) 97% avoidable (Symantec)
– 94% server exploits – $194 cost per record – $5.5 million average cost of each breach
$8.1 billion impact to U.S. businesses (See pages 4-6)
Page 9
#agility2013
Frequency of Taking Precautions with Personal Information*
Consumers Take Actions to Protect Themselves
67%
27%
41%
40%
39%
76%
50%
49%
46%
40%
28%
21%
Refuse to allow companies to share myinformation with a 3rd party
Manage my privacy choices by opting out of OnlineBehavioral Advertising
Check for certification or seal that indicates privacyapproval by an outside organization
Check to make sure the website has a privacystatement
Read the privacy statement (if provided)
Google the site and review their online ratings
Ask friends if they think I should trust the site
2011
2012
N/A
N/A * Percentage of respondents who answered: “most of the time” / “often”
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
Page 10
#agility2013 © 2012. All rights reserved. Online Trust Alliance (OTA) Slide 10
What is the norm?
Page 11
#agility2013
Why don’t you (your clients) utilize more targeted advertising today?
a) ROI concerns b) Implementation concerns c) Privacy concerns d) Not an issue – over 50% of ads already utilize targeting e) Not sure
Topic: Ad Privacy – Advertiser/Publisher
Page 12
#agility2013
Agreement With Statements Related To Online Advertising – option to opt out
Consumers Reward Good Privacy Practices with More Business
7%
5%
27% 40% 21% I would be inclined to do more business with an
advertiser or publisher who gives me the option toopt-out of Online Behavioral Advertising
Strongly Disagree Somewhat Disagree Neither Agree Nor Disagree Somewhat Agree Strongly Agree
61%
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
Page 13
#agility2013
Topic: website tags/trackers
TRUSTe 2012 Top UK Website Tracker Analysis Report
Page 14
#agility2013
Topic: Mobile
Page 15
#agility2013
Mobile legislative pressure is increasing
Page 16
#agility2013
15%
19%
21%
30%
34%
38%
I trust all apps
I ask friends
I check to see if the app has a thirdparty trustmark/seal
I read the privacy policy (if provided)
I check to see if the app has a privacypolicy
I research the app online
Steps to Determine Mobile App Privacy Trust
Consumers Take a Variety of Steps to Protect Their Personal Information With Apps
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
Page 17
#agility2013
Do you have a privacy policy for your mobile app/website?
Do you offer opt-out mechanisms for mobile tracking?
What data are 3rd Party SDK’s actually collecting & using?
Do you ask consumers for permission before using their mobile location data for marketing purposes?
Questions to ask:
Get a mobile privacy strategy
Page 18
#agility2013
Topic: Kids
The law requires companies who market to children (under 13) to:
Provide notice of what information they collect
Obtain verifiable parental consent before collecting or using children’s data
Provide parental access to information they’ve collected about their child
Don’t forget about new forms of PII (IP Addresses, Persistent IDs etc)
The Children’s Online Privacy Protection Act (COPPA)
Page 19
#agility2013
EU Cookie Directive – consumers expect…
FR NL GB DE
53% 62% 76% 82%
Expect companies to comply with the EU cookie directive
GB NL FR DE
33% 37% 44% 49%
Plan to only visit websites of companies who comply
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
Page 20
#agility2013
Discussion – Q&A
Kevin Trilli VP Product Truste www.truste.com
Craig Spiezle Chairman and President Online Trust Association www.otalliance.org
[email protected]
Page 21
#agility2013
Breaches are a daily occurrence, but the lack of planning is unacceptable. W3C DNT polarization Wild West of data collection Power of Cloud, Mobile & “Big Data” Privacy & surveillance concerns increasing Codes of Conduct International Pressures (EU, Article 29)
Where are we today?