
Organizational Privacy Score and Big Data Privacy Guidelines - July 17 2014 - Rajesh Jayaprakash

Jan 15, 2015


Presentation to the IPQC audience in Vegas. The overall objective is to better protect consumer privacy and to find innovative win-win solutions for consumers and organizations.
Two topics are discussed:
1) Best practices for preserving privacy and security on Big Data platforms.
2) An explanation of the Organizational Privacy Score (OPS) and how it can turn a good privacy policy into a competitive advantage for the organization.
Transcript
Page 1: ‘Privacy Score’: Quantifying privacy and turning it into a competitive advantage & Privacy Best Practices for Big Data Platforms

Rajesh Jayaprakash, Senior Enterprise Architect, Master Data Management & Data Privacy
[email protected]
July 17th 2014
Big Data Monetization Summit, Las Vegas, USA

Page 2: TELUS

One of the big three telcos in Canada, with 11.3 billion of annual revenues and 13.3 million customer connections across wireless subscribers, wireline network access lines, internet subscribers and TV customers.

Major business units are:
TBS: TELUS Business Solutions
TCS: TELUS Consumer Services
TPS: TELUS Partner Solutions

Page 3: Differing Views on Consumer Privacy & Consents

(Deck section: Privacy Score – Privacy as a Competitive Advantage)

The slide contrasts the organization’s views with the consumer’s views, as voiced in remarks such as these:
• Let’s trade!
• Give away a coupon to get consents…
• People don’t care about privacy…
• You can’t expect privacy in the online world…
• Let us make it our competitive advantage.
• It is part of the respect I expect from the organization.
• Let us make it part of our ‘Customer Experience’.. How do we measure it?
• By the law of this country.. we don’t have to…
• Privacy keeps people isolated in their islands. [The word ‘privacy’ is derived from the Latin privatus, meaning ‘‘withdraw from public life’’.]
• Customers have already agreed to it in the terms and conditions…
• We need the same protection online that we have offline.
• In that country we have to care.. but in this country we don’t have to.. but then, how do we?
• Privacy? It is a thing of the past.
• It’s a human right.
• Let’s trade… Where is my share?
• I have nothing to hide.
• FEAR & Transparency?

Page 4: Privacy: Importance of asking the right questions

1. Ques: Is your privacy important for YOU in the online world?
Your answer: Ah.. Somewhat – maybe. I do not know, I don’t care…

2. Ques: Great.. So you don’t mind if we keep track of your travel, via your car’s GPS, transit tickets and phone location? Only our employees would have access. And maybe push some ads to your phone? (Oh, by the way, some of our employees may be your neighbours.)
Your answer: Oh… Really? Maybe I care somewhat?

3. Ques: So, you really care if your mother-in-law and neighbours were buying and tracking your sexual activity data that your accelerometer vendor was selling? What about the same data of your kids?
Your answer: That sounds creepy.. But oh well…

4. Ques: What about the same data of your kids?
Your answer: ? !

Page 5: Privacy: Getting the right perspective

People do care about their privacy, but to varying extents. To know truly how much, we need to ask questions in context – not generically.

When incidents occur, people suddenly learn the context and REACT, leading to conflict with the organization.

Page 6: Organizational Privacy Score (OPS)

The Organizational Privacy Score (OPS) measures consumer consent and control and proves it to customers, making it a competitive advantage for your organization.

So what is your organization’s view? Let each consumer decide!

A solution at a holistic level is to TRULY adopt the policy of “Consumer Choice and Control” over their own privacy choices, preferences and consents, and to go above and beyond the requirements of privacy laws.

Page 7: Key Assumptions

Privacy
• The privacy promises the organization is making (or not making) to the customer.
• Represents the intention of the organization with respect to its level of commitment.
• It is about the policy of the organization, shaped by the executive team, mostly based on some form of organizational values.

Security
• The capability of the organization to meet the above commitments.
• It is a technical capability.
• A security policy is usually drafted, but it is still a technical policy – on how to achieve the security objectives.

Page 8: Key Assumptions

Anonymisation
• The process of converting Personally Identifiable Information (PII) into non-personally identifiable information, mainly because most privacy laws are built around PII. However, from a legal angle, in most cases the originator (the organization claiming ‘anonymization’) has to ‘guarantee’ that the anonymized data is not re-identified by other parties if it is knowingly shared. This is very hard to do.

Preferences
• The superset of choices that can be made available to the consumer.
• Choices could be lists of values and a wide range of customer selections, not just Yes/No or “I agree”.

Consent
• Usually a miniaturised version of preferences, mostly looking at privacy from a ‘barely legal’ angle and ensuring compliance: do we have consent from the customer to do this (Y/N)?

Page 9: Organizational Privacy Score

Official disclosure: This is not a TELUS product or recommendation.

Page 10: Organizational Privacy Score (OPS) – Why?

Credit score: To ensure the trustworthiness of the lendee’s financial transactions, the lender (organization) has a ‘credit score’ for the lendee (i.e. the customer).

Privacy score: When a person hands over his data, or when it is harvested, the lender (i.e. the consumer) does not get any kind of number on the trustworthiness of the lendee (the organization). All the customer usually gets is a very long set of terms and conditions and a single “I agree” button.

Data is the new oil: In terms of the value of the item changing hands (i.e. the consumer’s personal data), our times are comparable to the earliest days of the credit score.

Page 11: Organizational Privacy Score – Why?

Multiple new technologies acting as a disruptive force: A multitude of new technologies are CONVERGING and coming to market which are game changers, capable of tracking every move and everything about people down to the most minute detail. This can then be combined with many types of profiles, helping organizations understand people far better than people understand themselves.

Big Data + Cloud + Location Based Services (GPS & smartphones) + Wearable devices + Social Media + Smart Meters & Smart Homes + Google Search + Google Now + Marketing lists + Relationship-identifying algorithms + Extremely accurate predictive algorithms +

The ‘creepiness’ gets to the customer: Sooner or later there will be incidents in which the customer realises the creepiness.

It is not about the technology, or even the intent behind the creepiness, but the immaturity in the communication, governance and adoption of these technologies, or the lack of focus on that.

Page 12: Imagine your company’s next ad on TV with these messages

Turning the privacy score into a competitive advantage..

Our privacy score is X.X out of 10. It is certified by independent third parties.
We do not sell your data.
We tell you where we store your data.
We tell you whom we share your data with. And let you control it.
We proactively share all your data with you, via our website. I.e. even if you didn’t request it.
Our competitors don’t even have a score.

IN THIS NEW TECHNOLOGY WORLD, WE ARE ON YOUR SIDE!! AND THIS IS THE PROOF!!

Page 13: Organizational Privacy Score – What is it?

A method to quantify and advertise a large organization’s “intention” in the treatment of consumer data and choices.
• Measures the enablement of consumer choices in privacy.
• Global approach. Not tied to any country’s legalities.
• Very detailed and specific set of questions.
• Averages out the various sub-parts of the organization for the final score.
• Survey-based approach.
• One single score for the entire organization. Similar to a credit score.
• Publishes the entire survey responses to ensure transparency and auditing.
• NOT a ‘security’ score, i.e. security is not included; capability and practice of privacy are not included as of now, but are in the works.
• Independent third-party organizations act as “certifiers”.

Has three individual scores that roll up to the final score:
1. Basic privacy score – Checks that the organization has the basic framework for privacy checking.
2. Data Privacy score – Checks that the organization shares ALL the data it has with the consumer, not just personally identifiable information.
3. Specialised Privacy Score – A set of privacy scores in specialised areas of privacy importance in the line of business, like Big Data, Cloud, CCTVs, Location-based Services, Employee privacy etc.

Page 14: Organizational Privacy Score – Who, When & Where?

Whitepaper: http://www.slideshare.net/RajeshJayaprakash1/privacy-ccore-for-organizations-whitepaper-rajesh-jayaprakash

tmforum – Global association of telcos.
• Tmforum catalyst product, Jun 2014
Service privacy score: A scaled-down version of the privacy score. Focuses on one particular product at a time, rather than the entire organization. Good for smaller vendor/software vendor companies with a minimal number of products.
Participation from: TELUS, TAO, and a few other telcos and vendors.
• Tmforum catalyst product, Dec 2014 (planned)
Organizational Privacy Score: in the works.
Participation from: You?

Page 15: OPS – What is missing from it (for now)?

Total Organizational Privacy Score
= Intention of the Organization (OPS) (WE HAVE IT)
× Capability of the Organization (Security Capability) (TBD)
× Practice of the Organization (Governance Practices) (TBD)

Page 16: Organizational Privacy Score – How?
(diagram slide; no text transcribed)

Page 17: Organizational Privacy Score – How – Basic Score
(diagram slide; no text transcribed)

Page 18: Organizational Privacy Score – How?
(diagram slide; no text transcribed)

Page 19: Organizational Privacy Score – How?
(diagram slide; no text transcribed)

Page 20: Organizational Privacy Score – Data Privacy Score

Sample of Questions – From one of the Categories (diagram slide; the questions themselves are not transcribed)

Page 21: Organizational Privacy Score – Specialized domains

Big Data, Location Based Services, Cloud, CCTV, Wearable devices, Employees, New..

Page 22: Organizational Privacy Score – White Paper

• http://www.slideshare.net/RajeshJayaprakash1/privacy-ccore-for-organizations-whitepaper-rajesh-jayaprakash

Page 23: Best Practices in Big Data Privacy

Official disclosure: These are not official TELUS Big Data standards or guidelines. We are only sharing some industry practices.

Page 24: Classify projects as POCs vs Regular

1. POC (Hypothesis) vs Project?

Proof of Concepts (POC), aka Hypothesis:
• Use cases are not stable or well defined.
• Main objective is to study and understand feasibility.
• Use synthetic data (completely randomly created data).
• No resultant customer contact or operational process impacts.
• Data for the POC should be destroyed at the end of the POC.
• Fast-tracked privacy and security processes.
• 3-4 months duration max.
• NOT the same as a ‘Pilot’.
• No government customer impacts.

Regular Projects:
• All use cases well documented.
• Use a mix of real data, de-identified data and out-of-platform cross-referenced data.
• A full PIA (Privacy Impact Assessment) to be done (certified IAPP professionals to approve the same).

Page 25: Tamper Resistant Logs

2. Every user and system access and activity log should be maintained in a tamper-resistant manner for the current day + 365 days. The log should be kept off-board.
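One way to make an access log tamper-evident and to apply the "current day + 365 days" window is a hash chain whose head is copied off-board at every checkpoint. This is an added example, not code from the presentation or from TELUS; the entry fields, the purge-by-prefix rule and the sample records are assumptions made for illustration.

```python
"""Tamper-evident access log kept for 'current day + 365 days'.

Added example, not from the presentation.  Each entry is chained to the
previous one with SHA-256, so editing or deleting an earlier entry breaks
the chain.  The chain head returned by append() is the value to copy
off-board (a separate log host or WORM store) at each checkpoint; verify()
checks the on-platform copy against that off-board anchor.  Entries are
assumed to be appended in day order, as an append-only log is.
"""
import hashlib
import json
from datetime import date, timedelta

GENESIS = "0" * 64          # starting anchor of a fresh chain
RETENTION_DAYS = 365        # keep the current day plus 365 days


def _entry_hash(prev_hash: str, body: dict) -> str:
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(log: list, day: str, user: str, action: str, obj: str) -> str:
    """Append one user/system access record; returns the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"day": day, "user": user, "action": action, "object": obj}
    entry = dict(body, hash=_entry_hash(prev, body))
    log.append(entry)
    return entry["hash"]


def verify(log: list, offboard_head: str, base: str = GENESIS) -> bool:
    """Recompute the chain from `base` and compare with the off-board head.

    Any edited, inserted or removed entry changes every later hash, so the
    recomputed head no longer matches the anchor held off the platform."""
    prev = base
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if _entry_hash(prev, body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return prev == offboard_head


def purge_expired(log: list, today: str) -> tuple:
    """Drop entries older than the retention window.

    Returns (kept_entries, new_base).  new_base is the hash of the last
    purged entry: later verifications must start from it instead of GENESIS,
    so it is recorded off-board together with the chain head.  Only a prefix
    of the log is ever removed, which keeps the remaining chain verifiable."""
    cutoff = date.fromisoformat(today) - timedelta(days=RETENTION_DAYS)
    kept, base = [], GENESIS
    for entry in log:
        if not kept and date.fromisoformat(entry["day"]) < cutoff:
            base = entry["hash"]
        else:
            kept.append(entry)
    return kept, base


if __name__ == "__main__":
    # Constructed sample: three accesses, one of them older than a year.
    log = []
    append(log, "2013-07-01", "etl_svc", "write", "cust_profile")
    append(log, "2014-07-17", "analyst1", "read", "cdr_table")
    head = append(log, "2014-07-18", "analyst2", "read", "analytic_output")
    print("chain intact:", verify(log, head))
    kept, base = purge_expired(log, "2014-07-18")
    print("after purge:", len(kept), "entries; verifiable:", verify(kept, head, base))
```

The anchor written off-board is the pair (chain head, base hash); a platform that can rewrite its own log cannot also rewrite a copy it does not hold.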

Page 26: Access Termination Criteria

3. All access to the data/information given should have specific termination/end criteria and renewal guidelines.
• Indefinite access should not be allowed. E.g. employees – on termination or after two years of inactivity.
• Third-party employees/vendor resources should have similar specific termination criteria.

Page 27: Need-to-Know Basis

4. All access to Big Data platform data (raw data, source data, analytic output) should be on a need-to-know basis and documented.

Page 28: Retention Schedules

5. Determine and comply with the retention schedules of the source system data, and ensure the data in the big data platform is in compliance.
• Different sources might have different retention timelines due to legal or other business reasons. Rather than trying to unify, or in some other way identify, a single retention period for all data in the big data platform, consider it an amalgamation of different domains of data, with each domain having its own specific and often unique retention schedule.
• This might result in some more complexity in use cases. However, it provides the maximum duration for analysis and forecasting while ensuring compliance.
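Treating a joined record as an amalgamation of domains, each with its own retention period, means columns expire one domain at a time rather than the whole record at once. The following is an added example, not code from the presentation or from TELUS; the domain names, retention periods, column tagging and sample record are constructed assumptions.

```python
"""Per-domain retention on an amalgamated big-data record.

Added example, not from the presentation.  Assumption: every column of a
joined customer record is tagged with the source domain it came from, and
each domain inherits the retention period of its source system.  Rather
than one platform-wide retention period, expired columns are redacted
individually and the record is dropped only when no retained column is
left.  Domain names, periods and the sample record are constructed.
"""
from datetime import date, timedelta
from typing import Optional

# Constructed retention schedule per source domain, in days.
RETENTION_DAYS = {
    "billing": 7 * 365,          # e.g. a financial-records obligation
    "cdr": 365,                  # call detail records
    "web_clickstream": 90,
    "marketing_consent": 2 * 365,
}

# Source domain of each column in the amalgamated record.  The join key is
# not a domain of its own: it lives as long as any other column does.
JOIN_KEY = "customer_id"
COLUMN_DOMAIN = {
    "last_invoice_total": "billing",
    "calls_last_month": "cdr",
    "pages_viewed": "web_clickstream",
    "email_opt_in": "marketing_consent",
}


def column_expired(domain: str, ingested: str, today: str) -> bool:
    """True once the value has sat on the platform for the domain's period."""
    loaded = date.fromisoformat(ingested)
    limit = loaded + timedelta(days=RETENTION_DAYS[domain])
    return limit <= date.fromisoformat(today)


def apply_retention(record: dict, ingested: dict, today: str) -> Optional[dict]:
    """Return the record with expired domain columns removed, or None.

    record:   column -> value
    ingested: column -> ISO date the value was loaded from its source
    A column with no domain classification is refused (fail closed) rather
    than silently kept forever."""
    kept = {}
    for col, value in record.items():
        if col == JOIN_KEY:
            continue
        if col not in COLUMN_DOMAIN:
            raise KeyError(f"column {col!r} has no retention domain assigned")
        if not column_expired(COLUMN_DOMAIN[col], ingested[col], today):
            kept[col] = value
    if not kept:
        return None                      # nothing left but the key: purge row
    return {JOIN_KEY: record[JOIN_KEY], **kept}


if __name__ == "__main__":
    # Constructed sample: one record whose columns were all loaded on the same day.
    rec = {"customer_id": "C-1", "last_invoice_total": 42.5,
           "calls_last_month": 17, "pages_viewed": 120, "email_opt_in": True}
    loaded = {c: "2014-01-01" for c in rec}
    for day in ("2014-07-17", "2016-01-01", "2021-01-01"):
        print(day, apply_retention(rec, loaded, day))
```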

Page 29: Synchronization

6. Every data record that is replicated from other sources should be synchronised with changes in the source system. In most cases operational decisions are made based on inferences from the big data platform, so this sync should be real time and the algorithms need to re-run to correct false positives.

Page 30: Key Sensitive Data Elements

7.1 Very sensitive personal information
This type should NOT be stored in big data systems. Rather, it should be in totally different platforms and invoked on an as-and-when-needed basis.
o Credit card numbers,
o Passwords for consumers.

7.2 Hashed personal identifiers (or encrypted in equivalent ways)
Hashed values can be stored in big data, but the original data or the hash keys/logic should not be in the big data platform.
o SIN/SSN numbers,
o Driving licence info.

Page 31: Big Data Privacy Guidelines (Contextual decision)

1. Personal Contact Information:
This should not be stored in big data, but should be cross-referenceable with operational systems for the “final subset” of target customers. This way you are not risking the entire customer base, but only a small subset, even if some breach happens.
• Personal contact info data elements: Names, Email, Social Media IDs (Facebook, Twitter, LinkedIn), Physical Address (except postal code), Phone Numbers (except area code).

2. Special considerations when using large enterprise customers’ data.
• You may have very specific contracts with them, with specific privacy and security agreements.
• How do you ensure you are not doing a CDR analysis of the top brass of the military or senators in big data?
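Guideline 7.2 (hashed identifiers, keys kept off the platform) and guideline 1 (contact data kept in operational systems, cross-referenceable for the final subset) can be enforced in the load step that feeds the platform. The code below is an added example, not code from the presentation or from TELUS; the HMAC-based token, the field names, the demo key and the sample records are constructed assumptions.

```python
"""Pseudonymise identifiers and minimise contact data before a record is
loaded into the big data platform (guidelines 7.2 and 1 above).

Added example, not from the presentation.  Assumptions: the secret key for
the keyed hash (HMAC-SHA256) lives only in the operational system and never
on the platform; the platform keeps a keyed token per identifier plus the
coarse fields the guideline allows (postal code, phone area code); only the
operational system, which holds the key and the contact data, can map the
analytic 'final subset' of tokens back to people.  Field names, the key and
the sample records are constructed.
"""
import hashlib
import hmac
import re
from typing import Optional

# Personal contact information: never loaded (names, email, social IDs).
CONTACT_FIELDS = {"name", "email", "facebook_id", "twitter_id", "linkedin_id"}
# Identifiers that may be stored only as keyed hashes (guideline 7.2).
HASHED_ID_FIELDS = {"customer_id", "sin", "drivers_licence"}
# Very sensitive elements that must not reach the platform at all (7.1).
FORBIDDEN_FIELDS = {"credit_card", "password"}


def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed hash of an identifier.  Without the key the token can be neither
    recomputed nor matched, which a plain hash of a 9-digit SIN would not
    guarantee; the field name is mixed in so equal values in different
    fields do not share a token."""
    return hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()


def area_code(phone: str) -> Optional[str]:
    """Keep only the area code of a North American number."""
    digits = re.sub(r"\D", "", phone)
    return digits[-10:-7] if len(digits) >= 10 else None


def platform_record(rec: dict, key: bytes) -> dict:
    """Project an operational customer record onto what the platform may hold."""
    out = {}
    for field, value in rec.items():
        if field in FORBIDDEN_FIELDS:
            raise ValueError(f"{field} must never be loaded into the platform")
        if field in HASHED_ID_FIELDS:
            out[field + "_token"] = pseudonym(key, field, value)
        elif field == "address":
            out["postal_code"] = value["postal_code"]   # street and city dropped
        elif field == "phone":
            out["area_code"] = area_code(value)
        elif field in CONTACT_FIELDS:
            continue
        else:
            out[field] = value                          # usage/billing attributes
    return out


def resolve_final_subset(tokens, operational_rows, key: bytes) -> list:
    """Operational-system side: map the analytic result back to customers.
    Only the holder of the key can recompute the tokens, so the platform
    itself can never expand a token into contact details."""
    wanted = set(tokens)
    return [row for row in operational_rows
            if pseudonym(key, "customer_id", row["customer_id"]) in wanted]
```

Because the key never reaches the platform, a breach of the platform exposes tokens, postal codes and area codes but not the identities behind them; the mapping step runs only where the contact data already lives.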

Page 32: Big Data Privacy Guidelines (Contextual decision)

3. Algorithms should be tweaked to favour false negatives as opposed to false positives.
4. Data quality is addressed in the source systems, wherever that is – not downstream.
5. Data in the big data platform (input or output – any stored data) should be customer-sharing friendly.
6. Information in the Big Data platform should not be downloadable to individuals’ equipment (laptops etc.).

Page 33: Acknowledgements & References

Acknowledgements
Alex Loffler of the TELUS Security team and Shelly Scott of the TELUS Privacy Office, for help and participation in Big Data Best Practices.

References
Ann Cavoukian & Jeff Jonas: “Privacy By Design” whitepaper on Big Data Privacy.

Page 34: Questions?

Rajesh Jayaprakash – please email [email protected]

Page 35: Thank You!

Rajesh Jayaprakash [email protected]

Page 36: Single View of Customer – Data for every context

Single View of Customer is not the same giant customer information page for everyone. It is a logical source of all information about the customer. Each team will ask for a significantly different piece of information about the same customer. When that is supplied, that team will ask for another set.. and the cycle will continue.

Audiences: Fulfillment, Sales Reps, Marketing, Credit Teams, Big Data & Analytics, IVR/Authorization, Portals, Call centers.

Page 37: Data Classification

Data in any organization is broadly classified into three.

Master Data: Represents relatively static data – customers, products etc. Includes customer names, demographics, relationships with other customers, account relationships, privacy, preferences etc. These types of data are relatively static, low in volume, and widely used in the organization.

Transactional Data: Represents the business activity at a point in time – data of the day-to-day activities of the company. Examples: account balance, bills, payments, orders, trouble tickets. This data is created very frequently, is higher in volume, and is relevant to pockets of the organization.

Analytical Data: Represents the information derived from the above two. Examples: trends, forecasts, sales history, buying patterns, profitability, segmentation, propensity to buy, lifetime value, risk exposure. This is all ‘generated’ data and very specific to pockets of the organization. Volumes are very high.

Page 38: What is Single View of Customer?

What it is NOT, and why:
• Another database into which we need to bring all data of all customers – an impractical approach.
• A huge list of predefined data elements about the customer – the list is too big and too dynamic with the advent of new technologies like social media, location-based services etc.
• A problem that any single vendor product can solve by itself – the breadth of data spans many systems.
• Another ‘matching’ engine – putting the emphasis on matching is a reactive solution.

Page 39: What is Single View of Customer?

An attainable, capability-based definition – a collection of four capabilities:
• Best “available” data: the capability to access the ‘best quality’ information available in the organization. This includes information internal to the organization and external data (social media etc.).
• Data for every context & audience: the capability to get all the information about the customer, for the given user/application, in any specific context.
• Single record: the capability to pinpoint a single record instance for a customer, without duplication issues being exposed to end users/applications.
• Define & align on “Customer”: the capability of having a common definition of ‘customer’ that is accepted throughout the organization.

Page 40: What is Single View of Customer?