Tag Archives: McAfee

Privacy Engineering: How Researchers Can Protect Consumers and Companies

By Marc Dresner, IIR

Those of you who follow this blog know I’ve been a little
hung up on privacy lately. 

My last two posts, respectively, have dealt with
data brokers and the relatively unchecked accumulation of people’s personal information on- and offline by companies nowadays.

Today I want to look at the privacy engineering movement
that’s been gaining traction in the IT community and why researchers ought to
take note.
But first, just to refresh, in my previous posts I’ve echoed
a growing sentiment among experts that we may be on the brink of a privacy
backlash in response to a perceived lack of informed consent and
transparency with regard to Big Data collection and use.
In a nutshell, there’s mounting consumer anxiety over what some characterize as a sort of Big Brother-style corporate surveillance.
It’s a worrisome trend at a time when trust in brands and
companies’particularly among younger cohorts’is already abysmally low.


A Consumer Trust Crisis

Coca-Cola’s Global Director of Human and Cultural Insights,
Tom LaForge, summed up the trust situation well in a speech I attended earlier
this year:
‘Whether or not a competitor will steal share is not what
you should worry about. Worry instead about whether or not people will allow
you to stay in business, because ‘big’ is on probation,’ said LaForge.

‘Worry about
whether or not people will allow you to stay in business, because ‘big’ is on
probation.’ 
‘ Tom LaForge, 
The Coca-Cola Co. 
‘People do not trust big entities,’ he added. ‘They don’t
trust governments. And global corporations are often bigger than governments. Corporations
are about as big as it gets.’
How bad is this trust crisis? LaForge said ‘corporations are losing the social
license to operate’ as a result.
In such a climate, it’s not implausible that a
well-publicized privacy breach (note that’s privacy
breach, not data security breach) might
cause serious, even irreparable damage to a brand, company or other
institution’s credibility and relationship with the public.

Privacy: It’s About Ethics Not Compliance

Accordingly, experts are advising companies to think about
privacy not in terms of compliance, but in terms of ethics.
Indeed, the reason privacy is getting so much attention
these days is arguably because current legislation and regulation don’t go far
enough and may not be able keep pace with technological change.
In lieu of statute, companies must sort out privacy ethics
on their own. That’s a complicated affair in which the research community can
be an invaluable resource.
But first, I humbly suggest that researchers get acquainted
with ‘privacy engineering.’

What is Privacy Engineering?

An increasingly popular approach with the tech set, privacy engineering endeavors to
systematize privacy and embed it in the products and processes companies use, buy, create
and sell. 
I conducted a podcast interview on the subject with one of its pioneers, Michelle Dennedy, VP and Chief Privacy Officer at
McAfee, back in April.
Dennedy, whose credentials straddle the legal and
technological aspects of data security and privacy, is also co-author of ‘The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.’

‘Privacy
engineering is a way to build respect for information about people back into
our infrastructure.’ 
- Michelle Dennedy, McAfee 
‘Privacy engineering is a way to build respect for information about
people back into our infrastructure and to think about data from the consumer
perspective,’ Dennedy told me.

It’s particularly important for researchers to familiarize themselves
with this approach, I think, in part because companies are increasingly looking outside the
research function to data scientists to manage Big Data.

You don’t need to be an IT specialist to understand ‘The Privacy
Engineer’s Manifesto’ and it may be just the blueprint consumer researchers need
to insinuate themselves in the fundamental discussions that shape not only
privacy policy and practice, but the manner and extent to which companies
harness Big Data moving forward.

See Also: Privacy by Design

I would also advise researchers to familiarize themselves
with another, similar concept: Privacy by Design’ (PbD).

PbD is both an approach
and a landmark resolution approved by international data protection and
privacy commissioners in Jerusalem in 2010.
The PbD framework sets out seven foundation principles aimed
at ensuring that privacy is embedded into new technologies and business
practices from the outset and boils down to three key tenets:
-         
Trust and control
-         
Freedom of choice
-         
Informational
self-determination
According to Dr. Ann Cavoukian, former Privacy and
Information Commissioner of Ontario, Canada, and architect of PbD, privacy
policies are becoming meaningless to people and companies should not hide
behind them.
‘If your company does something with people’s information
that might raise ethical questions, stating it in a privacy policy’even if it
isn’t buried in jargon’does not equate to informed consent. People check the box
without reading all the time,’ Cavoukian told a room full of consumer
researchers back in May.
‘Privacy isn’t
something people think they should have to ask for; it’s a presumption.’ 
‘ Privacy and Information Commissioner
Ann Cavoukian

‘Privacy isn’t something people think they should have to
ask for; it’s a presumption,’ Cavoukian added.

Bottom line: A privacy policy may protect a company in a
lawsuit, but it won’t help in the court of public opinion, where the stakes
may be much higher.
To illustrate just how serious the threat of a
public backlash has become, Cavoukian cited a variety of survey data,
most notably a January 2014 AP-GfK poll in which more than 60% of respondents
said they value their privacy over anti-terror protections.

PbD and privacy
engineering offer a compelling safeguard to companies because they’re
inherently proactive. You’re embedding privacy protection in everything you do
and design’right down to the code’from the get-go.
While it may seem expensive to take the necessary steps to
ensure that all current and future products, systems, etc., meet standards that
may not be mandated by law, the cost may be infinitely higher to implement,
revise and rebuild after a privacy breach.

How does this
apply to researchers?

We tend to think of this stuff as falling under the purview
of a Chief Privacy Officer, but it’s both an imperative and an opportunity for
researchers.
Consumer researchers are probably the last people who
require a lecture on the ethical collection and use of data or the sanctity of
trust’without it, we have no respondents’but as you well know, research today
is neither confined to direct response methodologies nor gathered exclusively
from opt-in panels and communities.
Moreover, a research department typically isn’t the only
entity in a company engaged in the collection of consumer data, its sole repository or the arbiter
of its use.
In short, there’s plenty of room for an unintentional breach
of privacy ethics in most organizations today. And given the stakes, this
represents an unacceptable risk.
So, the time has come for internal research functions to get
involved in privacy discussions outside departmental walls and to have a hand
not just in crafting policy and protocol, but to make the case to management for
building a company-wide culture that understands and respects consumer privacy.
So start by paying a visit to your colleagues in IT to talk
about privacy engineering. Privacy oversight will need to cover marketing,
R&D, sales, etc. 

This is a chance for research to assert influence over all of a
company’s present and future consumer information assets. It’s a natural fit.

ABOUT THE AUTHOR
Marc Dresner is IIR USA’s sr. editor and special communication project lead. He is the former executive editor of Research Business Report, a confidential newsletter for the marketing research and consumer insights industry. He may be reached at mdresner@iirusa.com. Follow him @mdrezz.

Privacy Engineering: What Researchers Need to Know

McAfee
Chief Privacy Officer Urges Insights Pros to Own Privacy and Big Data





By Marc Dresner, IIR

‘The fantastic advances in the field of electronic communication
constitute a greater danger to the privacy of the individual.’ 
‘ Earl Warren, 14th Chief
Justice of the U.S. Supreme Court, died 1974
‘Privacy is dead, and social media hold the
smoking gun.’ 
‘ Pete Cashmore, Founder and CEO of Mashable, born 1985
The fellas quoted above
were, I believe, referring to opposing sides of the privacy coin: The former
was talking about government surveillance of the Orwellian sort; the latter’taken
from a 2009 blog post’spoke to people’s increasing compulsion to publicize their
personal lives.
To distinguish between the
two assumes there is a line that can be crossed, aka ‘informed consent.’
Privacy advocates have
argued that informed consent is more or less a fallacy because the information
needed to make a fully informed choice is largely inaccessible
But privacy advocates’including
top security and legal experts’have argued that informed consent is more or
less a fallacy, because the information needed to make a fully informed choice
is largely inaccessible to the
average person.
That’s ‘inaccessible’ in three
broad categories:
1.   
Inaccessible by design‘for legit* purposes
(national security or law enforcement) and also for ethically questionable purposes
(ex. Facebook’s privacy gaffes and antics).
*Sorry, but I’ll not kick the Edward
Snowden beehive in this forum today.


2.   
Inadvertently inaccessible, but fixable‘Ex. privacy
policies that can only be deciphered by lawyers or that will only be read by
very patient, unusually suspicious people with lots of time on their hands.
3.   
Inadvertently inaccessible, but unavoidable‘the
complex tangle of partnerships, affiliations, agreements and policy overlaps,
oversights, contradictions, accidents, etc., that comprise our digital universe
(it is called the Web, after all) make it practically impossible for someone to
be completely informed of all the ways information about them may be or is
being used.
The jury appears to be
out when it comes to the ownership and control of all of those digital data
points we generate
I’ll leave it to the
intelligentsia (not used in the pejorative here) to debate whether or not we’re
doomed to life in a digital panopticon, but the jury appears to be indefinitely
out when it comes to the ownership and control of all of those data points we’re
generating in the digital realm.
This much is clear: The
privacy debate isn’t going anywhere; it’s just getting started.
People seem resigned
to the fact that information about them is collected and used for purposes they
aren’t aware of and might not consent to if they were
For the time being, people
seem generally resigned to and even comfortable with the fact that information
about them is being collected by unknown others and used in all kinds of ways
for all sorts of purposes that we aren’t aware of and might not consent to if
we were.
But for how long? It seems a
tenuous peace at best.
I’ve attended sessions at
two of FoCI’s sister events within the past six months’Foresight & Trends
and Media Insights & Engagement, respectively’whose speakers warned their
audiences that the sleeping giant is stirring.
All of this
matters to insights jocks more than one might suppose.
Consumer researchers work hard to build and
maintain respondents’ trust, and I think most would agree that there’s no
privacy bugaboo in taking surveys, participating on panels, etc.
But even if transparent,
double opt-in instruments are still the primary source of consumer intelligence’debatable’they’re
certainly not the only source.
We have Big Data now, pulled
from across the digital universe. The sheer breadth of sources without a doubt increases
the likelihood that we’ve violated someone’s privacy.
As consumer insights become
increasingly dependent upon and intertwined with technology, we find ourselves
in a precarious position
So as the consumer
intelligence field becomes increasingly dependent upon and intertwined with technology,
we find ourselves in an increasingly precarious position because we cannot be
guaranteed that the data we’re collecting and analyzing was captured with
informed consent.
Moreover, research
professionals cast in the traditional mold aren’t the only ones accessing and
using these data. We’re not necessarily the gatekeepers and we can’t always
know which information from even our own internal databases is being used, how
and by whom.
That is the domain of the
chief privacy officer, or in lieu of a CPO, typically a mishmash of IT and
legal folks.
Michelle Dennedy
Enter Michelle Dennedy, VP and Chief Privacy Officer at McAfee,
and co-author of ‘The Privacy Engineer’s Manifesto: Getting from Policy to Code
to QA to Value.’
Dennedy is a top authority whose credentials straddle the legal and
technological aspects of data security and privacy.
She and co-authors Jonathon
Fox and Thomas Finneran have developed a new model: ‘privacy
engineering,’ which endeavors to operationalize privacy and embed it in the products and processes companies use, buy, create and
sell. 
‘Privacy engineering is a way to build respect for information about
people back into our infrastructure and to think about data from the consumer
perspective’
‘Privacy
engineering is a way to build respect for information about people back into
our infrastructure and to think about data from the consumer perspective,’
Dennedy told The Research Insighter.
This
is particularly important to the Future of Consumer Intelligence audience
because companies are increasingly looking outside the
research function to data scientists to manage Big Data.
The
approach outlined in ‘The Privacy Engineer’s Manifesto’ appears to offer a blueprint consumer researchers can
use to insinuate themselves in the fundamental discussions that shape not only
privacy policy and practice, but the manner and extent to which companies
harness Big Data moving forward.
(Full disclosure: I have not yet read the book, but I’ve researched it thoroughly and rest assured you don’t need to be an IT specialist to understand it.) 
‘At
best, most companies probably leverage maybe 1-2% of the true import of data
through analytics that count,’ noted Dennedy.
‘A lot of Big Data analytics are wrong because they fail to address the
true business problem, a human problem.’
‘I
think a lot of these Big Data analytics are wrong or bad,’ she added, ‘because
they fail to address the true business problem, and by that I mean a human
problem.’
‘Researchers tend to
understand the business case and how data should be leveraged,’ she observed.
According to Dennedy, it’s
time for researchers to step up and reach out to their counterparts in
functions they may not normally work with, even if it means taking on projects
outside their current purview.
‘Consumer
and marketing researchers become quintessentially important when they carry
insights across the aisle,’ Dennedy said.
‘Make
sure those customer insights and pain points are part of the equation from the
start.’
In
this podcast for The Research Insighter’the official interview series of the
Future of Consumer Intelligence (FoCI) conference’Dennedy discusses:

‘ ‘Privacy engineering”what it is and why it
matters

‘ The problem with Big Data

‘ Applications and implications for large and small
companies, alike

‘ What researchers can do today to get involved, and
more!

Editor’s note: Michelle Dennedy will present ‘The
Privacy Manifesto’ at The Future of Consumer Intelligence Conference taking place May 19-21 in Universal City,
California.
SAVE 15% on your registration to attend The Future of
Consumer Intelligence when you use code FOCI14BLOG. 

Register here today!

For more information, please visit www.futureofconsumerintel.com

  


ABOUT THE AUTHOR / INTERVIEWER 
Marc Dresner is IIR USA’s sr. editor and special communication project lead. He is the former executive editor of Research Business Report, a confidential newsletter for the marketing research and consumer insights industry. He may be reached at mdresner@iirusa.com. Follow him @mdrezz.

McAfee creates online community to enhance business

According to the Silicon Valley Business Journal, McAfee will be launching a new online community that will function as a customer service tool and allow users to interact with each other. The community will allow McAfee to increase communication beyond the typical customer service methods and allow for more collaboration and interaction.

As more companies begin to create online communities, not only can they better service their customers, but they can begin to interact with them to fully meet their needs. Have you created a customer community around your product? How has it begun to enhance your company’s interaction with the customers?