Page 1
‘Privacy Score’: Quantifying privacy and turning it into a competitive advantage
&
Privacy Best Practices for Big Data Platforms
Rajesh Jayaprakash Senior Enterprise Architect, Master Data Management & Data Privacy
[email protected]
July 17th 2014
Big Data Monetization Summit
Las Vegas, USA
Page 2
TELUS
Major Business Units are:
TBS : TELUS Business Solutions
TCS : TELUS Consumer Services
TPS : TELUS Partner Solutions
Wireless Subscribers
Wireline network access lines
Internet Subscribers
TV Customers
One of the big three telcos in Canada, with 11.3 billion in annual revenues and 13.3 million customer connections.
Page 3
Privacy Score – Privacy as a Competitive Advantage
3 Differing Views on Consumer Privacy & Consents
Organization’s Views / Consumer’s Views (speech bubbles from the slide):
• Let’s trade! Give away a coupon to get consents…
• People don’t care about privacy…
• You can’t expect privacy in the online world…
• Let us make it our competitive advantage.
• It is part of the respect I expect from the organization.
• Let us make it part of our ‘Customer Experience’.. How do we measure it?
• By law of this country.. We don’t have to…
• Privacy keeps people isolated in their islands. [The word ‘Privacy’ is derived from the Latin Privatus, meaning ‘withdraw from public life’.]
• Customers have already agreed to it in the terms and conditions…
• We need the same protection online that we have offline.
• In that country we have to care.. But in this country we don’t have to.. But then, how do we?
• Privacy? It is a thing of the past.
• It’s a human right.
• Let’s trade… Where is my share?
• I have nothing to hide.
• FEAR & Transparency?
Page 4
4 Privacy : Importance of asking the right questions
1. Ques: Is your privacy important to YOU in the online world?
Your Answer: Ah.. Somewhat – maybe. I do not know, I don’t care…
2. Ques: Great.. So you don’t mind if we keep track of your travel, via your car’s GPS and transit tickets and phone location? Only our employees would have access. And maybe push some ads to your phone? (Oh, by the way, some of our employees may be your neighbours.)
Your Answer: Oh… Really? Maybe I care somewhat?
3. Ques: So, would you really care if your mother-in-law and neighbours were buying and tracking the sexual activity data that your accelerometer vendor was selling? What about the same data of your kids?
Your Answer: That sounds creepy.. But oh well…
4. Ques: What about the same data of your kids?
Your Answer: ? !
Page 5
5 Privacy : Getting the right perspective
People do care about their privacy, but to varying extents. To know truly how much, we need to ask questions in context – not generically.
When incidents occur, people suddenly come to know the context and REACT, leading to conflict with the organization.
Page 6
6
Organizational Privacy Score (OPS) measures consumer consent and control and proves it to customers, to make it a competitive advantage for your organization.
So what is your organization’s view?
Let each consumer decide!
A solution at a holistic level is to TRULY adopt the policy of “Consumer Choice and Control” over their own privacy choices, preferences and consents,
& go above and beyond the requirements of privacy laws.
Page 7
7 Key Assumptions
Privacy
• Privacy promises the organization is making to the customer, or not making.
• Represents the intention of the organization with respect to the level of commitment.
• It is about the policy of the organization, shaped by the executive team, mostly based on some form of organizational values.
Security
• The capability of the organization in meeting the above commitments.
• It is a technical capability.
• A security policy is usually drafted, but it is still a technical policy – on how to achieve the security objectives.
Page 8
8 Key Assumptions
Anonymisation
• The process of converting Personally Identifiable Information (PII) to non-personally identifiable information. Mainly because most privacy laws are around PII. However, from a legal angle, in most cases the originator (the organization claiming ‘anonymization’) has to ‘guarantee’ that the anonymized data is not re-identified by other parties if shared knowingly. This is very hard to do.
Preferences
• The superset of choices that can be made available to the consumer.
• Choices could be lists of values and a wide range of customer selections, not just Yes/No or “I agree”.
Consent
• Usually a miniaturised version of preferences. Mostly looking at privacy from a ‘barely legal’ angle and ensuring compliance. Do we have consent from the customer to do this (Y/N)?
Page 9
9
Organizational Privacy Score
Official Disclosure :
This is not a TELUS product or recommendation
Page 10
10 Organizational Privacy Score (OPS) – Why?
Credit Score: To ensure the trustworthiness of financial transactions of the lendee, the lender (organization) has a ‘Credit Score’ for the lendee (ie; the customer).
Privacy Score: When a person hands over his data, or when it is harvested, the lender (ie; the consumer) does not get any kind of number on the trustworthiness of the lendee (organization). All the customer usually gets is a very long terms and conditions and a single “I agree” button.
Data is the new oil: In terms of the value of the item changing hands (ie; personal data of the consumer), our times are comparable to the earliest days of the credit score.
Page 11
11 Organizational Privacy Score – Why?
Multiple new technologies acting as a disruptive force: There is a multitude of new technologies CONVERGING and coming to market which are game changers and capable of tracking every move and everything, down to the most minute details of people. This can then be combined with many types of profiles. This helps organizations understand people a lot better than they understand themselves.
Big Data + Cloud + Location Based Services (GPS & Smart phones) + Wearable devices + Social Media + Smart Meters & Smart homes + Google Search + Google Now + Marketing lists + Relationship identifying algorithms + Extremely accurate predictive algorithms + …
The ‘creepiness’ gets to the customer. Sooner or later there will be incidents in which the customer realises the creepiness.
It is not about the technology, or even the intent, behind the creepiness, but the immaturity in the communication, governance and adoption of these technologies, or the lack of focus on that.
Page 12
12
Imagine your company’s next ad on TV with these messages
Turning the privacy score into a competitive advantage..
Our privacy score is X.X out of 10. It is certified by independent third parties.
We do not sell your data.
We tell you where we store your data.
We tell you whom we share your data with. And we let you control it.
We proactively share all your data with you, via our website. Ie; even if you didn’t request it.
Our competitors don’t even have a score.
IN THIS NEW TECHNOLOGY WORLD, WE ARE ON YOUR SIDE!!
AND
THIS IS THE PROOF !!
Page 13
13 Organizational Privacy Score – What is it?
A method to quantify and advertise a large organization’s “intention” in the treatment of consumer data and choices.
• Measures the enablement of consumer choices in privacy.
• Global approach. Not tied to any country’s legalities.
• Very detailed and specific set of questions.
• Averages out various sub-parts of the organization for the final score.
• Survey-based approach.
• One single score for the entire organization. Similar to a credit score.
• Publishes the entire survey responses to ensure transparency and auditing.
• NOT a ‘security’ score. Ie; security is not included. Ie; capability and practice of privacy are not included as of now. But in the works.
• Independent third-party organizations as “Certifiers”.
Has three individual scores that roll up to the final score:
1. Basic Privacy Score – Checks that the organization has the basic framework for privacy checking.
2. Data Privacy Score – Checks that the organization shares ALL the data it has with the consumer – not just personally identifiable information.
3. Specialised Privacy Score – A set of privacy scores in specialised areas of privacy importance in the line of business, like Big Data, Cloud, CCTVs, Location Based Services, Employee privacy, etc.
Page 14
14 Organizational Privacy Score – Who, When & Where?
Whitepaper:
http://www.slideshare.net/RajeshJayaprakash1/privacy-ccore-for-organizations-whitepaper-rajesh-jayaprakash
tmforum – Global association of telcos.
• Tmforum catalyst product, Jun 2014
Service Privacy Score: A scaled-down version of the privacy score. Focuses on one particular product at a time – rather than the entire organization. Good for smaller vendor/software vendor companies, with a minimal number of products.
Participation from: TELUS, TAO, and a few other telcos and vendors.
• Tmforum catalyst product, Dec 2014 (planned)
Organizational Privacy Score: in the works.
Participation from: You?
Page 15
15 OPS – What is missing from it (for now)?
Total Organizational Privacy Score
= Intention of the Organization (OPS) (WE HAVE IT)
× Capability of the Organization (Security Capability) (TBD)
× Practice of the Organization (Governance Practices) (TBD)
Page 16
16 Organizational Privacy Score – How?
Page 17
17 Organizational Privacy Score – How – Basic Score
Page 18
18 Organizational Privacy Score – How?
Page 19
19 Organizational Privacy Score – How?
Page 20
20 Organizational Privacy Score – Data Privacy Score
Sample of Questions – From one of the Categories
Page 21
21 Organizational Privacy Score – Specialized domains
Big Data, Location Based Services, Cloud, CCTV, Wearable devices, Employees, New..
Page 22
22 Organizational Privacy Score – White Paper
• http://www.slideshare.net/RajeshJayaprakash1/privacy-ccore-for-organizations-whitepaper-rajesh-jayaprakash
Page 23
23
Best Practices in Big Data Privacy
Official Disclosure :
These are not official TELUS Big Data standards or Guidelines.
We are only sharing some industry practices.
Page 24
24 Classify projects as POCs Vs Regular
1. POC (Hypothesis) VS Project?
Proof Of Concepts (POC) – Aka: Hypothesis
• Use cases are not stable or well defined.
• Main objective is to study and understand feasibility.
• Use synthetic data (completely randomly created data).
• No resultant customer contact or operational process impacts.
• Data for the POC should be destroyed at the end of the POC.
• Fast-tracked privacy and security processes.
• 3-4 months duration max.
• NOT the same as ‘Pilot’.
• No Government Customer impacts.
Regular Projects
• All use cases well documented.
• Use a mix of real data, de-identified data and out-of-platform cross-referenced data.
• A full PIA (Privacy Impact Assessment) to be done. (Certified IAPP professionals to approve the same.)
Page 25
25 Tamper Resistant Logs
2. Every user and system access and activity log should be maintained in a tamper-resistant manner for the current day + 365 days. The log should be kept off-board.
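One way to give an access log the tamper-evident, bounded-retention behaviour this guideline asks for, as an added Python example that is not part of the deck (the hash-chain design, record fields and sample entries are assumptions): each record commits to the previous record's hash, so edits or deletions are detected, and pruning beyond the 365-day window keeps an anchor so the retained tail still verifies against the full off-board copy.

```python
import hashlib
import json
from datetime import date, timedelta

GENESIS = "0" * 64          # anchor for an empty chain
RETENTION_DAYS = 365        # the slide's window: current day + 365 days

def _as_date(value):
    return date.fromisoformat(value) if isinstance(value, str) else value

def _digest(prev_hash, entry):
    # Canonical JSON so an identical entry always produces an identical hash.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append_entry(chain, entry):
    """Append an access/activity record that commits to the previous record's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"entry": dict(entry), "prev": prev, "hash": _digest(prev, entry)}
    chain.append(record)
    return record["hash"]

def verify_chain(chain, anchor=GENESIS):
    """Return (ok, index of first bad record). Edits, deletions and reordering all break the chain."""
    prev = anchor
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    return True, -1

def prune_expired(chain, today):
    """Drop the leading run of records older than the retention window; return (kept, anchor).

    The chain is appended chronologically, so expired records form a prefix. The anchor
    is the hash of the last dropped record: pass it to verify_chain so the kept tail
    still verifies, while the off-board copy of the full chain remains the history.
    """
    cutoff = _as_date(today) - timedelta(days=RETENTION_DAYS)
    anchor, kept = GENESIS, []
    for rec in chain:
        if not kept and _as_date(rec["entry"]["day"]) < cutoff:
            anchor = rec["hash"]
        else:
            kept.append(rec)
    return kept, anchor

# Constructed sample records, not real platform logs.
SAMPLE_ENTRIES = [
    {"day": "2014-01-10", "user": "analyst1", "action": "read", "dataset": "cdr_daily"},
    {"day": "2014-06-02", "user": "etl_job", "action": "write", "dataset": "cdr_daily"},
    {"day": "2014-07-17", "user": "analyst2", "action": "export", "dataset": "segments"},
]

def build_sample_chain():
    chain = []
    for entry in SAMPLE_ENTRIES:
        append_entry(chain, entry)
    return chain
```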
Page 26
26 Access Termination Criteria
3. All access to the data/information given should have specific termination/end criteria and renewal guidelines.
• Indefinite access should not be allowed. Eg: Employees – on termination or after two years of inactivity.
• Third-party employees/vendor resources should have similar specific termination criteria.
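A periodic access review that applies these criteria, as an added Python example that is not the deck's or TELUS's own tooling (the grant record layout and sample grants are assumptions): every grant without an end date, past its end date, held by a terminated person, or idle for two years is reported for revocation or explicit renewal, and vendor resources are checked against the same rules.

```python
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=2 * 365)   # the slide's "two years of inactivity"

def _as_date(value):
    return date.fromisoformat(value) if isinstance(value, str) else value

def review_grant(grant, today):
    """Return the reasons this grant must end today (empty list = still valid)."""
    today = _as_date(today)
    reasons = []
    if grant.get("expires") is None:
        reasons.append("indefinite access not allowed")     # every grant needs an end date
    elif _as_date(grant["expires"]) <= today:
        reasons.append("expired on " + _as_date(grant["expires"]).isoformat())
    if grant.get("terminated"):
        reasons.append("account holder terminated")
    if today - _as_date(grant["last_activity"]) >= INACTIVITY_LIMIT:
        reasons.append("inactive for two years")
    return reasons

def revocation_list(grants, today):
    """Map user -> reasons, for every grant that must be revoked or explicitly renewed.

    Employees and third-party/vendor resources go through the same checks, which is
    the "similar specific termination criteria" the slide asks for.
    """
    out = {}
    for grant in grants:
        reasons = review_grant(grant, today)
        if reasons:
            out[grant["user"]] = reasons
    return out

# Constructed sample grants (not real accounts); dates are ISO strings.
SAMPLE_GRANTS = [
    {"user": "alice", "party": "employee", "expires": "2015-07-01", "last_activity": "2014-07-10", "terminated": False},
    {"user": "bob",   "party": "employee", "expires": None,         "last_activity": "2014-07-01", "terminated": False},
    {"user": "carol", "party": "employee", "expires": "2015-01-01", "last_activity": "2012-05-01", "terminated": False},
    {"user": "dave",  "party": "vendor",   "expires": "2014-06-30", "last_activity": "2014-06-29", "terminated": False},
    {"user": "erin",  "party": "employee", "expires": "2016-01-01", "last_activity": "2014-07-16", "terminated": True},
]
```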
Page 27
27 Need to Know basis
4. All access to Big Data platform data (raw data, source data, analytic output) should be on a need-to-know basis and documented.
Page 28
28 Retention Schedules
5. Determine and comply with the retention schedules of the source system data and ensure data in the big data platform is in compliance.
• Different sources might have different retention timelines due to legal or other business reasons. Rather than trying to unify, or otherwise identify, a single retention period for all data in the big data platform, consider it an amalgamation of different domains of data, each domain with a specific and often unique retention schedule.
• This might result in some more complexity in use cases. However, it provides the maximum duration for analysis and forecasting, while ensuring compliance.
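The per-domain retention model described above, as an added Python example that is not the deck's or TELUS's own policy (the domain names, retention periods and sample records are constructed assumptions): each record is judged against its own source domain's schedule, domains with no agreed schedule are reported rather than silently kept, and the analysis window for a multi-domain use case is bounded by the shortest schedule it joins.

```python
from datetime import date, timedelta

# Constructed per-domain retention schedules in days (assumption, not TELUS policy).
RETENTION_SCHEDULE = {
    "billing": 7 * 365,        # e.g. kept longer for financial/legal reasons
    "network_cdr": 365,
    "web_clickstream": 90,
}

def _as_date(value):
    return date.fromisoformat(value) if isinstance(value, str) else value

def retention_deadline(domain, source_date):
    """Date on which a record from this domain must be gone from the platform."""
    return _as_date(source_date) + timedelta(days=RETENTION_SCHEDULE[domain])

def classify_records(records, today):
    """Split platform records into keep / purge / unscheduled by their own domain's schedule.

    Records whose domain has no schedule are reported rather than silently kept,
    since a domain with no agreed retention period should not be loaded at all.
    """
    today = _as_date(today)
    result = {"keep": [], "purge": [], "unscheduled": []}
    for rec in records:
        if rec["domain"] not in RETENTION_SCHEDULE:
            result["unscheduled"].append(rec["id"])
        elif retention_deadline(rec["domain"], rec["source_date"]) <= today:
            result["purge"].append(rec["id"])
        else:
            result["keep"].append(rec["id"])
    return result

def analysis_window_start(domains, today):
    """Earliest source date still in retention for ALL the given domains (ISO string).

    A use case joining several domains is bounded by the shortest schedule among them;
    a single-domain forecast can reach back as far as that domain alone allows.
    """
    today = _as_date(today)
    return max(today - timedelta(days=RETENTION_SCHEDULE[d]) for d in domains).isoformat()

# Constructed sample records, not real platform data.
SAMPLE_RECORDS = [
    {"id": "b1", "domain": "billing",         "source_date": "2009-01-15"},
    {"id": "b2", "domain": "billing",         "source_date": "2006-01-15"},
    {"id": "c1", "domain": "network_cdr",     "source_date": "2013-09-01"},
    {"id": "c2", "domain": "network_cdr",     "source_date": "2013-05-01"},
    {"id": "w1", "domain": "web_clickstream", "source_date": "2014-05-01"},
    {"id": "x1", "domain": "social_media",    "source_date": "2014-07-01"},
]
```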
Page 29
29 Synchronization
6. Every data record that is replicated from other sources should be synchronised for changes in the source system. In most cases, operational decisions are made based on inferences from the big data platform, so this sync should be real time and algorithms need to be re-run for false positive corrections.
Page 30
30 Key Sensitive Data Elements
7.1 Very Sensitive personal information
This type should NOT be stored in big data systems. It should rather be kept in totally different platforms and invoked on an as-and-when-needed basis.
o Credit Card Numbers,
o Passwords for consumers.
7.2 Hashed personal identifiers (or encrypted in equivalent ways)
Hashed values can be stored in big data, but the original data and the hash keys/logic should not be in the big data platform.
o SIN/SSN numbers,
o Driving License Info.
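The 7.2 pattern in code, as an added Python example that is not the deck's or TELUS's own implementation (the tokenizer design, column names and sample rows are assumptions): a keyed-hash service that lives outside the platform turns SIN and licence values into HMAC-SHA256 tokens, only the tokens are loaded, and a guard confirms no raw identifier reached a platform row. Tokens from the same key stay joinable across datasets, which is what keeps analytics workable without the originals.

```python
import hashlib
import hmac
import os
import re

class OffPlatformTokenizer:
    """Keyed hashing service that lives OUTSIDE the big data platform (assumed design).

    The key never leaves this service and the raw identifier never reaches the
    platform; only the HMAC-SHA256 token does. A keyed hash is used rather than a
    plain SHA-256 because SIN/SSN-shaped values come from a small space, so an
    unkeyed digest of them offers little protection if the platform is breached.
    """
    _SIN_RE = re.compile(r"^\d{9}$")

    def __init__(self, key=None):
        self._key = key if key is not None else os.urandom(32)

    def tokenize(self, id_type, value):
        # Canonicalise so "123-456-789" and "123 456 789" map to the same token,
        # which keeps tokens joinable across datasets tokenized with the same key.
        canon = re.sub(r"[^0-9A-Za-z]", "", value).upper()
        if id_type == "sin" and not self._SIN_RE.match(canon):
            raise ValueError("SIN must be 9 digits")
        msg = (id_type + ":" + canon).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

SENSITIVE_COLUMNS = {"sin": "sin", "drivers_licence": "dl"}   # source column -> id_type

def load_into_platform(tokenizer, source_rows):
    """Replace sensitive identifier columns with tokens before rows land in the platform."""
    out = []
    for row in source_rows:
        clean = dict(row)
        for column, id_type in SENSITIVE_COLUMNS.items():
            clean[column + "_token"] = tokenizer.tokenize(id_type, clean.pop(column))
        out.append(clean)
    return out

def platform_row_is_clean(row):
    """Guard: no raw sensitive column and no SIN-shaped value survives in a platform row."""
    if any(column in row for column in SENSITIVE_COLUMNS):
        return False
    return not any(isinstance(v, str) and re.fullmatch(r"\d{3}[- ]?\d{3}[- ]?\d{3}", v)
                   for v in row.values())

# Constructed sample source rows, not real customer data.
SAMPLE_ROWS = [
    {"customer_id": "C100", "sin": "123-456-789", "drivers_licence": "A1234-56789-01234", "plan": "gold"},
    {"customer_id": "C101", "sin": "987 654 321", "drivers_licence": "b9876-54321-09876", "plan": "basic"},
]
```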
Page 31
31 Big Data Privacy Guidelines (Contextual decision)
1. Personal Contact Information:
This should not be stored in big data, but should be cross-referenceable with operational systems for the “final subset” of target customers. This way you are not risking the entire customer base but only a small subset, even if some breach happens.
• Personal Contact Info data elements: Names, Email, Social Media IDs (Facebook, Twitter, LinkedIn), Physical Address (except postal code), Phone Numbers (except area code).
2. Special considerations when using large enterprise customers’ data.
• You may have very specific contracts with them, with specific privacy and security agreements.
• How do you ensure you are not doing a CDR analysis of the top brass of the military or senators in big data?
Page 32
32 Big Data Privacy Guidelines (Contextual decision)
3. Algorithms should be tweaked to favour false negatives as opposed to false positives.
4. Data Quality is addressed in source systems, wherever it is – not downstream.
5. Data in the big data platform (input or output – any stored data) should be customer-sharing friendly.
6. Information in the Big Data platform should not be downloadable to individuals’ equipment (laptops etc.).
Page 33
Acknowledgements
Alex Loffler of TELUS Security team
Shelly Scott of TELUS Privacy Office
For help and participation in Big Data Best Practices
References
Ann Cavoukian & Jeff Jonas: “Privacy By Design” Whitepaper on Big Data Privacy
Page 34
Rajesh Jayaprakash
Questions ?
Please Email
[email protected]
Page 35
35
Thank You !
Rajesh Jayaprakash [email protected]
Page 36
36 Single View of Customer – Data for every context
Single View of Customer is not one giant customer information page that is the same for everyone.
It is a logical source of all information about the customer. Each team will ask for a significantly different piece of information about the same customer.
When that is supplied, that team would ask for another set.. and the cycle will continue.
Audiences: Fulfillment, Sales Reps, Marketing, Credit Teams, Big Data & Analytics, IVR/Authorization, Portals, Call centers.
Page 37
37 Data Classification
Data in any organization is broadly classified into three.
Master Data
Represents relatively static data. Customers, Products etc. Includes Customer Names, Demographics, Relationships with other Customers, Account Relationships, Privacy, Preferences etc. These types of data are relatively static, low in volume, and widely used in the organization.
Transactional Data
Represents the business activity at a point in time. Data of the day-to-day activities of the company. Examples: Account Balance, Bills, Payments, Orders, Trouble tickets. This data is created very frequently, higher in volume, and relevant to pockets of the organization.
Analytical Data
Represents the information derived from the above two. Examples: Trends, Forecasts, Sales history, buying patterns, profitability, segmentation, propensity to buy, lifetime Value, risk exposure. This is all ‘generated’ data and very specific to pockets of the organization. Volumes are very high.
Page 38
38 What is Single View of Customer?
What it is NOT, and why:
• Another database in which we need to bring all data of all customers. Why? Impractical approach.
• A huge list of predefined data elements about the customer. Why? The list is too big and too dynamic with the advent of new technologies like social media, location based services etc.
• A problem that any single vendor product can solve by itself. Why? The breadth of data spans across many systems.
• Another ‘matching’ engine. Why? Putting emphasis on matching is a reactive solution.
Page 39
39 What is Single View of Customer?
An attainable, capability-based definition – a collection of four capabilities:
• The capability to access the ‘best quality’ information available in the organization. This includes information internal to the organization and external data (social media etc.).
• The capability to get all the information about the customer, for the given user/application, at any specific context.
• The capability to pinpoint a single record instance for a customer, without duplication issues exposed to the end users/applications.
• The capability of having a common definition of ‘customer’ and having it accepted throughout the organization.
Diagram labels: Define & Align on “Customer”; Single Record; Best “Available” Data; Data for every Context & Audience.
Page 40
40 What is Single View of Customer?