Privacy & Data Ethics

International Business
Coaching
New Charter University
Erik Kokkonen
11 February 2016

My Background
• CNET
– Technology news publisher
– Launched websites in US, UK/EU, and Asia
• CBS
– Largest mass media company in USA
– International distribution of media assets
• Westfield Corporation
– One of the world's largest shopping center companies
– Multi-national, founded in Australia

Topic: Data
• What do we mean when we speak of 'data'?
• Importance of data in international business
• Legal and ethical issues when managing data
• How do I take action as a business person?
• Discussion: "How might I use data right now, in my current project/ job?"

What do we mean by 'data'?
• Facts or information used usually to calculate,
analyze, or plan something
• Information that is produced or stored by a
computer
Merriam-Webster Dictionary, http://www.merriam-webster.com/dictionary/data

Data Information Knowledge Wisdom
Numbers, Facts Patterns Decisions Judgements, Ethics
Log files, databases Spreadsheets "What-if" Scenarios Policies
Engineer Manager Executive Board
The Wisdom Hierarchy, Journal of Information Science, Feb 2007

Data Information Knowledge Wisdom
Gender: Male
Height: 6 feet
Weight: 180 US pounds
Income: $50K USD PA
Demographics Relevant target for men's clothing
Desirable target market to spend
money on
Online Survey Forms
# of target in email database,
% confidence in data
Promote athletic clothes versus
office clothes
Ensure data gathered was freely
provided by consumer
Engineer Manager Executive Board

In business, data can have multiple meanings:
• Marketing: demographics, contact (email, phone), behaviors
• Operations: cycle time, throughput, lead time
• Finance: profits, costs, purchase information, credit card numbers
• Human Resources: health, demographics, psychometrics, income

Importance of data in international
business

Importance of data in international
business
• Top exports for Kenya 2015
– Tea
– Refined petroleum
– Cut flowers
– Coffee
– Legumes
• Top imports for Kenya 2015
– Refined petroleum
– Cars
– Hot rolled iron
– Packaged medicaments
– Wheat
http://atlas.media.mit.edu/en/profile/country/ken/
If data is so important, why isn’t it in these lists?

“
“Data are becoming the new raw
material of business: an economic
input almost on a par with capital
and labour.
- The Economist, "Data, Data Everywhere," Feb 2010

Most Valuable Companies in the World
(by Market Capitalization)
Common strength for all of these companies?
– Technology yes, but data is the key asset

Legal and ethical issues managing
data

CASE STUDY: GOOGLE
CNET article, May 2010
 The Google Street View Car was logging into unsecured Wi-Fi
networks and harvesting user data
 A month before the news broke, Google told German
authorities that the company did not log into Wi-Fi networks
 Google claimed an engineer accidentally included the code to
collect data
Google is facing challenges around the world to their Street View
cars
“Google: Oops, we spied on your Wi-Fi”

CASE STUDY: APPLE
BBC, Sept 2014
 High profile celebrities had their photos hacked and copied
from Apple’s “iCloud” storage service
 Some photos contained very sensitive, personal data
 To avoid consumer backlash, Apple added stronger security
options for its users
Google is facing challenges around the world to their Street View
cars
“Apple toughens iCloud security after celebrity
breach”

CASE STUDY: FACEBOOK
“Agencies Contend Facebook Is Breaching
French Privacy Laws”
Associated Press Article, Feb 2016
• Agencies contend Facebook collecting political,
religious, and sexual orientation data on users and
non-users without proper notification
• Also contend that Facebook does not provide users
and non-users with an adequate way to stop the
collection of this data and/or delete it
Verizon received a non-trivial, although largely
symbolic fine.

Privacy Security
Notice
Choice
Hacking
Breaches
What data is being
collected and why
How data is being managed
and safeguarded
Confidentiality
Confidence

What is “Privacy”?
• the state or condition of being free from being
observed or disturbed by other people
• the state of being free from public attention
from Merriam-Webster Dictionary, www.merriam-webster.com/dictionary/privacy

“
“For most people, privacy means
not being surprised, embarrased, or
harmed by their data
Put in the context of our session:

FROM A 2013 PEW MARKET RESEARCH STUDY
50%
Internet users are
worried about the
information
available about
them online
Up 33%
from 2009
83%
Internet users surveyed,
have tried at least one
technique to hide their
activity online or avoid
being tracked
Privacy is important to every person

Data that can be used on its own or with other data to identify, contact, or locate a single person,
or to identify an individual in context
Varies by country (and even within country/states)
Examples:
• Name
• Home address
• Email address
• Social Security number
• Credit card number
• Vehicle license plate number
• Web cookies
• Wi-Fi address
• IP address
• Religion
• Political affiliation
Types of Personal Data

Types
Information Privacy
• Financial, medical, government records
Bodily Privacy
• Genetic or drug testing, physical searches
Territorial Privacy
• Video surveillance, ID checks
Communications Privacy
• Postal mail, email, telephone conversations
Types of Privacy and Stakeholders
Stakeholders
Consumers/Customers
• Buyers of your product/service
Employees
• Financial and health data are most important
Investors
• They may not want to be known as investor for
various social, political, religious or other reasons
Citizens
• People on whom you possess data but may or may
not be customers

Kenya Data Protection Bill 2013
'The Bill recognises that data protection in relation to personal information
is a corollary to the expectation of privacy, a human right that is in keeping
with best international practices', reads the Bill's Memorandum. 'The Bill is
borne out of the realisation that data protection is crucial for the
promotion of e-transactions in the global digital economy where a lot of
information is processed automatically.'
Failure to comply with its provisions could result in fines of up to KES
100,000 (approx. €820), to a term of imprisonment not exceeding two
years, or both.
http://www.dataguidance.com/dataguidance_privacy_this_week.asp?id=2306

Sensitive Personal Information (SPI) is a special class
of protected information in the EU
• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade-union membership
• Health or sex life
• Offenses or criminal convictions
In EU law, privacy is considered a fundamental human
right that cannot be traded, and the legal focus is on
protecting personal dignity
EU Citizens have the right to ask for a copy of
their data, ask for their to be corrected, and ask
for their data to be completely removed from a
company’s databases, algorithms, everything
EU Privacy Law

Safe Harbor was a framework that allowed companies to
legally transfer data from the EU to the US
First approved in 2000, it was struck down by the European
Court of Justice on October 6th 2015
Data transfers from the EU to the US that required Safe
Harbor are technically no longer legal, although there is a
grace period until January 31st 2016
Although there are no guarantees, many feel that “Safe
Harbor 2.0” will happen before the end of this year.
EU-US Joint Privacy Law

COPPA, HIPPA
Child Online Privacy Protection Act (COPPA)
In the US, it is illegal to collect information from children
under the age of 13 without the legal consent of a
parent/guardian
Health Insurance Portability and Accountability Act (HIPPA)
Federal law that establishes standards for the privacy and
security of health information, as well as standards for
electronic data interchange (EDI) of health information
US Privacy law tends to be industry-specific and data is
addressed as an issue of personal or financial harm
US Privacy Laws

What to do as a business person?

PROVIDE NOTICE, CHOICE/CONSENT, AND ACCESS
Notice
• Provide notice to consumers through legal documents like a “privacy policy”
• Identify purpose of the data collection
Choice and Consent
• Describe choices
• Obtain consent, either implicit or explicit
Data Subject Access
• Provide the stakeholder with access to his or her data
• Confirm the requestor’s identity
• If a request is denied, explain why
What to do as a business person?

Disclose Collect Use Dispose
Best practices include using data only for the purposes it was
collected (and for which consent was given) and retaining it only for
as long as the information is useful
Use Best Practices: the Data “Life Cycle”

LOCALIZE YOUR DISCLOSURES AND CONSENT
If you market to customers in a particular language, you will need to translate your
notice/privacy policy and terms of service into those languages as well
International Business Considerations
SECURE CONNECTIONS
Whenever transferring data about an individual, encrypt it! And be sure to have proper
legal agreements in place with any entities you transfer data with.
BE SURE TO KNOW THE LAW
It’s your responsibility, not someone else’s to know both local and international laws.

“
“Treat others (and their data) as you
would have them treat you (and
your data)
When in doubt – Follow the Golden Rule

Discussion/Takeaway Thought:
How might I use data right now, in my current project/ job?

Privacy & Data Ethics

More Related Content

What's hot (11)

Similar to Privacy & Data Ethics (20)

Recently uploaded (20)

Privacy & Data Ethics