Predictive Analytics, Privacy & You: Creeping Up On Creepy
Christopher Surdak, JD, Global Subject Matter Expert
13 February, 2015
Copyright 2012 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Your 15 Minutes of Fame?

How Are Security and Privacy Different?
Privacy (Handling Mechanisms):
- Individual Rights
- Fairness of Use
- Notice
- Choice
- Access
- Accountability
- Security
Security (Protection Mechanisms):
- Authentication
- Access controls
- Availability
- Confidentiality
- Integrity
- Retention
- Storage
- Backup
- Incident response
- Recovery
Many Privacy Laws Also Restrict Trans-Border Data Flow of Personal Information

Wherefore Art Thou, Privacy?
We are:
- Mobile: Connectivity, every-where, every-when
- Connected: All of our relationships, business, family, personal, are managed through Social Media
- Exposed: People share remarkable details about themselves online
- Dependent: Technologies ingrained into our very lives
We are:
- Vulnerable: Constant, persistent attacks against our information
- Product: Our information is the basis of an entire economic structure
- Unarmed: We have few tools to manage our digital lives
- Unaware: Of our actual level of exposure and vulnerability

Changing Expectations
USC Annenberg Center for the Digital Future: 70% of Millennials say no one should have access to their data or online behavior. Yet:
- 25% will trade it away for more relevant advertising
- 56% will share their location for coupons or deals
- 51% say they'll share information with companies if they get something in return.

The Privacy Paradox
I demand deep personalization:
- What I want
- Where I want
- When I want
- How I want
I expect privacy:
- Anonymity
- Freedom
- Protection
Pick *ONE* because you can't have both!

What is for sale?
Top 6 Companies in the World, by Market Capitalization, June 2014 (Source, PwC)
Rank, Who?, What do they Sell?
[Who? column: company logos, images not in the text]
1: Phones?
2: Oil
3: Nothing?
4: Money
5: Oil
6: Stuff

YOU ARE THE PRODUCT!
Companies like Google, Facebook, Yahoo, Twitter and Microsoft (Bing) spend tens of billions of dollars per year on servers, storage, networking and electricity.
How much did you pay to use their services?
Changing Expectations
Six Challenges of The New Normal
- Quality: Consumers expect perfection. Deliver less and your customers will abandon you forever.
- Ubiquity: Globalization means anything, anywhere, anytime. Anything less is unacceptable.
- Immediacy: Immediate gratification. There's an app for that instantly, predictively.
- Disengagement: Don't build, don't run, don't outsource, don't care. I only buy a result.
- Intimacy: Customers hunger for other forms of connectedness. Feeling like part of a community will be even more important as our needs are met more anonymously.
- Purpose: Support customers' need for and sense of purpose.

The Customer Engagement Continuum
- Reactive. Timing: Past. Topic: What has happened. Purpose: Understand the Past. Value: What worked before may work again.
- Responsive. Timing: Present. Topic: What is happening. Purpose: Understand the Present. Value: Is there an opportunity right now.
- Predictive. Timing: Future. Topic: What might happen. Purpose: Understand the Future. Value: Is there an opportunity coming.
- Persuasive. Timing: Future. Topic: What should happen. Purpose: Change the Future. Value: Can I create an opportunity.

Creeping Towards Creepy

What's the Issue, What's at Stake?
Extremes: Intimacy, Creepiness
Items on the chart: Predictive Shipping, Needs Anticipation, Behavior Manipulation, Reverse Grouponing, Behavior Modeling, E-Coupons, Liking, Suggestion lists, I-Coupons, Geo-Tracking, Cookies
The best companies must walk the razor's edge between these two extremes

Innovation Outpaces Morality?
Like this if you feel violated

Why Care?
What if analytics and predictive technologies can change customer behavior 1%?
In reality, these technologies easily double or triple results.
Can changes to the customer environs double their purchases? Triple? Do you know?
Cha-Ching!!! $18 billion in increased revenue!

The Big Data balance sheet
Assets: Monetize, Differentiate, Personalize, Monitor, Meter, Optimize, Predict
Liabilities: Regulate, Comply, Control, Secure, Address, Ensure, and more
Are the Kids Alright? High School
And College?
And After That?
Everything, Forever
- There is NO DELETE on the Internet!
- The current trend is to analyze what you type, BEFORE you send it!
- When someone looks you up, they don't see how old the information is
- You CANNOT take it back!

Is it Really Possible to Anonymise Data?
Many regulations require that Personal Identifying Information (PII) be anonymised before use for other purposes: PIPEDA, FOIPPA, US HIPAA
Diagram labels: Complete Data, Anonymised Data, Anonymised Set 1, Anonymised Set 2, Consolidated Data, Reanimated Data
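The consolidation risk on the slide above, as an added example that is not part of the original presentation: a pre-release check that measures k-anonymity for two anonymised extracts on their own and again after a recipient joins them. The field names, the shared `token` key and the sample rows are constructed assumptions.

```python
from collections import Counter

def k_anonymity(rows, quasi_ids):
    """Size of the smallest group of rows sharing the same quasi-identifier values."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in rows)
    return min(groups.values()) if groups else 0

def consolidate(set1, set2, key):
    """Inner-join two releases on a shared key, as a data recipient could."""
    index = {r[key]: r for r in set2}
    return [{**r, **index[r[key]]} for r in set1 if r[key] in index]

def release_report(set1, qi1, set2, qi2, key):
    """k for each release alone and for the consolidated view of both."""
    joined = consolidate(set1, set2, key)
    return {
        "set1": k_anonymity(set1, qi1),
        "set2": k_anonymity(set2, qi2),
        "consolidated": k_anonymity(joined, qi1 + qi2),
    }

# Constructed sample rows: two extracts of the same complete data set,
# each keeping a pseudonymous token but different quasi-identifiers.
SET1 = [
    {"token": "a1", "postcode3": "V6B", "birth_year": 1980},
    {"token": "b2", "postcode3": "V6B", "birth_year": 1980},
    {"token": "c3", "postcode3": "V5K", "birth_year": 1975},
    {"token": "d4", "postcode3": "V5K", "birth_year": 1975},
]
SET2 = [
    {"token": "a1", "sex": "F", "occupation": "nurse"},
    {"token": "b2", "sex": "M", "occupation": "teacher"},
    {"token": "c3", "sex": "F", "occupation": "nurse"},
    {"token": "d4", "sex": "M", "occupation": "teacher"},
]
QI1 = ["postcode3", "birth_year"]
QI2 = ["sex", "occupation"]

if __name__ == "__main__":
    # Each extract hides every person in a group of 2; the join leaves groups of 1.
    print(release_report(SET1, QI1, SET2, QI2, "token"))
```

A release process would run this over every pair of extracts that share a key and block the release when the consolidated k falls below the required threshold.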
BC PIPA
Part 3 Consent

Consent required
6 (1) An organization must not
(a) collect personal information about an individual,
(b) use personal information about an individual, or
(c) disclose personal information about an individual.
(2) Subsection (1) does not apply if
(a) the individual gives consent to the collection, use or disclosure,
(b) this Act authorizes the collection, use or disclosure without the consent of the individual, or
(c) this Act deems the collection, use or disclosure to be consented to by the individual.

Provision of consent
7 (1) An individual has not given consent under this Act to an organization unless
(a) the organization has provided the individual with the information required under section 10 (1), and
(b) the individual's consent is provided in accordance with this Act.
(2) An organization must not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service.
(3) If an organization attempts to obtain consent for collecting, using or disclosing personal information by
(a) providing false or misleading information respecting the collection, use or disclosure of the information, or
(b) using deceptive or misleading practices
any consent provided in those circumstances is not validly given.

Implicit consent
8 (1) An individual is deemed to consent to the collection, use or disclosure of personal information by an organization for a purpose if
(a) at the time the consent is deemed to be given, the purpose would be considered to be obvious to a reasonable person, and
(b) the individual voluntarily provides the personal information to the organization for that purpose.
(2) An individual is deemed to consent to the collection, use or disclosure of personal information for the purpose of his or her enrollment or coverage under an insurance, pension, benefit or similar plan, policy or contract if he or she
(a) is a beneficiary or has an interest as an insured under the plan, policy or contract, and
(b) is not the applicant for the plan, policy or contract.
(3) An organization may collect, use or disclose personal information about an individual for specified purposes if
(a) the organization provides the individual with a notice, in a form the individual can reasonably be considered to understand, that it intends to collect, use or disclose the individual's personal information for those purposes,
(b) the organization gives the individual a reasonable opportunity to decline within a reasonable time to have his or her personal information collected, used or disclosed for those purposes,
(c) the individual does not decline, within the time allowed under paragraph (b), the proposed collection, use or disclosure, and
(d) the collection, use or disclosure of personal information is reasonable having regard to the sensitivity of the personal information in the circumstances.
(4) Subsection (1) does not authorize an organization to collect, use or disclose personal information for a different purpose than the purpose to which that subsection applies.
Do You Read Your EULAs?
The language in End User License Agreements (EULAs) is broad, open to a range of interpretations, and designed to allow vendors to make money from your data
Facebook EULA
As of 12 February, 2015

By using or accessing Facebook Services, you agree that we can collect and use such content and information in accordance with the Data Policy as amended from time to time.

Sharing Your Content and Information
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.

About Advertisements and Other Commercial Content Served or Enhanced by Facebook
Our goal is to deliver advertising and other commercial or sponsored content that is valuable to our users and advertisers. In order to help us do that, you agree to the following:
You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it.
We do not give your content or information to advertisers without your consent.
You understand that we may not always identify paid services and communications as such.

Amendments
We'll notify you before we make changes to these terms and give you the opportunity to review and comment on the revised terms before continuing to use our Services.
If we make changes to policies, guidelines or other terms referenced in or incorporated by this Statement, we may provide notice on the Site Governance Page.
Your continued use of the Facebook Services, following notice of the changes to our terms, policies or guidelines, constitutes your acceptance of our amended terms, policies or guidelines.

Special Provisions Applicable to Users Outside the United States
We strive to create a global community with consistent standards for everyone, but we also strive to respect local laws. The following provisions apply to users and non-users who interact with Facebook outside the United States:
You consent to having your personal data transferred to and processed in the United States.
If you are located in a country embargoed by the United States, or are on the U.S. Treasury Department's list of Specially Designated Nationals you will not engage in commercial activities on Facebook (such as advertising or payments) or operate a Platform application or website. You will not use Facebook if you are prohibited from receiving products, services, or software originating from the United States.
Google's EULA
From Support.Google.com; 8/11/2014

Device & app history
An app can use one or more of the following:
- Read sensitive log data
- Retrieve system internal state
- Read your web bookmarks and history
- Retrieve running apps

Cellular data settings
An app can use settings that control your mobile data connection and potentially the data you receive.

Identity
An app can use your account and/or profile information on your device. Identity access may include the ability to:
- Find accounts on the device
- Read your own contact card (example: name and contact information)
- Modify your own contact card
- Add or remove accounts

Contacts/Calendar
An app can use your device's contacts and/or calendar information. Contacts and calendar access may include the ability to:
- Read your contacts
- Modify your contacts
- Read calendar events plus confidential information
- Add or modify calendar events and send email to guests without owners' knowledge

Location
An app can use your device's location. Location access may include:
- Approximate location (network-based)
- Precise location (GPS and network-based)
- Access extra location provider commands
- GPS access

Phone
An app can use your phone and/or its call history. Note: Depending on your plan, you may be charged by your carrier for phone calls. Phone access may include the ability to:
- Directly call phone numbers; this may cost you money
- Write call log (example: call history)
- Read call log
- Reroute outgoing calls
- Modify phone state
- Make calls without your intervention

Photos/Media/Files
An app can use files or data stored on your device. Photos/Media/Files access may include the ability to:
- Read the contents of your USB storage (example: SD card)
- Modify or delete the contents of your USB storage
- Format external storage
- Mount or unmount external storage

Camera/Microphone
An app can use your device's camera and/or microphone. Camera and microphone access may include the ability to:
- Take pictures and videos
- Record audio
- Record video

Case Study: License Plate Recognition

Vehicle Recognition
- Used in association with ANPR
- Match Make and/or Model
- Easy to train
- Real-time matching
- Alert or Search for Vehicle without registration
- Validate database using ANPR result to identify illegal plated vehicles

Face Recognition Demo: Office Entrance

Use Case: Police surveillance

Use Case: Counting and Access control

What to expect
A Framework for Privacy Management
- Disclosure: Companies would notify consumers in detail what is collected, how frequently, by whom, and how it may be used.
- Transparency: Consumers would be notified when their data is being used, in real time, to influence their opinions or actions.
- Recourse: Consumers would be allowed to adjust how their data is used to suit their own comfort level. This would mean no more blanket authorizations when a user downloads an app or signs up for an account.
- Monitoring: Consumers must be able to confirm that businesses respect their wishes.

Disruption is Guaranteed
Are you disrupting, or being disrupted?

Thank You
Email: Christopher.w.surdak@hp.com
Twitter: @csurdak
M: 714.398.4874
If you'd like to learn more, check out Data Crush, from AMACOM Publishing, getAbstract's International Book of the Year, 2014
Also see my columns in European Business Review Magazine, Dataconomy.com and my blog posts on HP.com