
Privacy Payoff


Presentation Transcript


  1. Privacy Payoff • Privacy definitions redux • “The claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.” Westin • “The extent to which we are known to others, the extent to which others have physical access to us, and the extent to which we are the subject of others’ attention” Gavison • The problem of being misjudged (or judged out of context) or misdefined

  2. Privacy Issues Often Involve Competing Values • Rights versus duties • Individual versus community • Self-determination versus public welfare • Confidentiality versus public safety • Consider privacy with respect to Megan’s law or potential epidemics • Consider the benefits of personalization through IT versus intrusive marketing

  3. Three Kinds of Privacy • Decisional Privacy – The kind of privacy intrinsic to a self-determined autonomous life. • J.S. Mill “…the principle requires liberty of tastes and pursuits; of framing the plan of our life to suit our own character; of doing as we like, subject to such consequences as may follow: without impediment from our fellow creatures, so long as what we do does not harm them, even though they think our conduct foolish, perverse, or wrong.” • At issue are choice of friends, religion, jobs, hobbies, etc.

  4. Three Kinds of Privacy • Informational Privacy – the control we have over information about ourselves • How do we experience the loss of that control? • Local privacy – having physical space where we can be alone and unobserved (a private home) • How do these three kinds of privacy complement each other?

  5. Positive and Negative Liberty • Negative liberty – freedom from government or commercial intrusion • Positive liberty – “I wish, above all, to be conscious of myself as a thinking, willing, active being, bearing responsibility for my choices.” • How do the three kinds of privacy relate to positive and negative liberty?

  6. Europe Compared to the US • European privacy concerns tend to be directed toward business intrusion on personal privacy. • US concerns tend to be directed toward government intrusion. • Differences with respect to bias toward governmental regulation versus free market • The US has no comprehensive privacy law, no agency charged with administration of privacy law.

  7. Global Privacy • US – Privacy Principles, 1974 Privacy Act, ad hoc privacy laws, e.g. Video Privacy Protection Act, CAN-SPAM, no independent oversight body • Canada – National Privacy commissioner and provincial commissioners, Human Rights Act, sector laws • Europe - Council of Europe

  8. Transnational Governance of the Internet • Now governance is ad hoc • The problem of jurisdiction • Mice and elephants • France v. Yahoo • Australian firm v. DJ News • Standard setting • ICANN (Internet Corporation for Assigned Names and Numbers) and the DNS (Domain Name System) • The EPD (European Directive on Privacy or more properly European Directive on Data Protection) could force more transnational agreement

  9. Logic of the EPD • Supports the creation of a unified European market • Requires a minimum standard for protecting personal data • When the standard is met, it increases the free flow of information • By restricting data flows outside the EU, it prevents finessing the intent of the EPD by setting up off-shore data havens

  10. Data Protections • Includes Fair Information Practices • The individual shall not be subject to decision-making based on the automated processing of data – e.g. decisions about work performance, creditworthiness, etc. • Processing of sensitive data is prohibited – e.g. religious affiliation, political affiliation, philosophical beliefs, etc.

  11. Article 25 • Transfers of personal data outside the EU are permitted only if the country ensures an adequate level of protection. • What is adequate?

  12. Ensuring Compliance • Each EU nation must have a privacy agency with: • Investigative powers • Powers of intervention • Power to engage in legal proceedings • There is an institutional means for coordinating among the fifteen nations in the EU

  13. Effects of the EPD on US Firms • Potential large compliance costs • Depends on existing privacy practices for the firm • Because of existing US practices, data transfer for some sectors may face a credible challenge • Are there potential benefits from compliance?

  14. Canada and PIPEDA • Personal Information Protection and Electronic Documents Act – consistent with FIP • Support of Jon Gustavson, President of Canadian Direct Marketing Association • Privacy Commissioner given authority to launch investigations, publicize violations, and initiate legal action

  15. Adversaries or Partners • Customer and personal data is a raw material to be refined and exploited • Spam, pop-up ads, junk mail, data mining, etc. • Partnerships between consenting firms and customers will yield mutual benefit

  16. Loyalty and Retention • Customer loyalty results in higher retention rates • By increasing customer retention 5%, a company will increase its profits by 25% to 95% (Reichheld, HBR)

  17. Research Model for Privacy, Trust, and Loyalty • [Figure: research model diagram with the labels Benevolence, Integrity, Ability, Trust, and RTR]

  18. Results • The fair privacy policy engendered greater trust – the firm with the fair policy scored significantly higher on benevolence, ability, integrity, and overall trust. • Respondents said they would be more likely to: • Purchase more products and new products from the firm with the fair privacy policy and • Provide truthful information to the firm with the fair privacy policy • Respondents said they would be more likely to switch from the unfair company to the fair company for competitive products • Respondents were more concerned about the unfair company’s use of their PII for solicitations and as a means of manipulating them

  19. Cost of Privacy • Studies aimed at showing that the cost of privacy is prohibitive estimate costs between $9B and $36B • Estimates are likely too high • Many companies have already addressed some concerns, e.g. Y2K • Costs based on large firms • Costs based on extreme view of necessary compliance • Assumes no economies of scale

  20. Privacy Infringement as an Externality • Privacy infringement costs borne by the individual • If costs are borne by firms, they will be passed on to customers • Litigation costs • It is socially desirable to eliminate externality when the cost of doing so is less than the damage caused • Building in privacy protection to new products and services rather than dealing with privacy implications after damage occurs

  21. Privacy Audits and Privacy Seals • Privacy Risk Assessment • BBBOnline, TRUSTe • Safe Harbor certification

  22. Chief Privacy Officers • Privacy & American Business • Are privacy issues a passing fad or are they here to stay? • Why appoint a CPO? • Is the position cosmetic? • Privacy issues are cross-functional and require coordination across external constituencies.

  23. What does a CPO do? • Internal data and software management • Product development • Development of a Privacy Policy • Legal and Governmental compliance • Training and Education • Customer advocacy • Employee advocacy

  24. CPO Qualifications • At what level should the CPO report? • What training is appropriate? • What experience is appropriate?

  25. Canadian Firms compared to US Firms Privacy Practices • US firms more focused on risk management, Canadian firms more focused on the value of privacy as a differentiator • US firms more focused on security, and protection from hackers – Canadian firms more customer centric • Canadian firms more focused on data control procedures, 3rd party vendor compliance, data quality, and attention to trans-border data transmission
