Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
As an independent non-profit OTA’s role is develop and advance best practices to enhance online trust, promote innovation and increase accountability. For the past decade we have convened multi-stakeholder efforts and initiatives, and published progress reports and independent audits. OTA uniquely looks at the convergence of security, privacy and sustainability of business practices. We need to focus on data protection, which encompasses all three.
What key goals/issues is your organization focused on tackling?
Online trust is eroding on many fronts. Take for example online advertising. In the absence of any meaningful self-regulatory efforts to provide consumers the ability to control data collection and tracking, upwards of 25% of users are blocking online advertising. This has been amplified by the lack of security safeguards and circuit breakers to help block and prevent malicious ads from being served on legitimate websites. This is a serious concern as advertising fuels significant services consumer rely on, as well as tarnishes the reputation of websites that serve these ads. In parallel, we are making a significant investment in developing an IoT trust framework that will lead to a voluntary code of conduct and likely certification program. With TRUSTe and more than 100 other organizations we are working to roll out a comprehensive framework to help vendors and developers address the IoT threat landscape.
How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?
It has been an evolution looking at privacy and security holistically while focusing on the data lifecycle, supply chain and flow. They are two sides of the same coin.
Looking ahead, what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation?
Self-regulation is failing as trade groups and advocates have become polarized. Collectively we must be willing to make changes today for the long-term benefit of consumer and industry alike. We remain supportive of Federal legislation in data beach, security and privacy — setting a high bar without preempting State Attorney Generals from enforcement. At the same time we need greater accountability. We need to empower the FTC and FCC to take action and fine companies who are failing to protect consumers and their data.
What is the biggest current threat (to consumers or businesses?)
We are at the crossroads of a trust “tragedy of the commons.” The wild west of data collection and sharing without explicit consumer consent will have a long-term impact.
How do you think the Privacy Ecosystem will/needs to evolve over the next 3-5 years to be fit for purpose?
We need to move privacy from a legal discussion driven by attorneys focused on compliance to one of stewardships; being stewards of consumer’s data. Today the majority of privacy policies are focused on protecting companies vs. providing clear choice and control to consumers.
Tell us about your role at Online Trust Alliance. How did you start working in the privacy field and why do you enjoy it?
In 2003 at Microsoft I became the “postmaster” of Hotmail, faced with the need to balance security and privacy. This role evolved as we took to fighting phishing and developing integrated privacy enhancing features in the browser. At first I found privacy and those in the privacy role at Microsoft more of a hindrance then an asset. Overtime we learned how privacy could be a feature and strength and to leverage each other’s expertise and knowledge. Fast-forward to today and I find privacy and data protection becoming a key factor in many business decisions.
What do you wish more [people, business, etc.] knew about privacy?
Privacy (as well as security) is everyone’s job. We need to shift the discussion to the long-term impact to the consumer and make privacy a key product differentiator. Without it we will have a trust melt-down
Check out an overview of the Privacy Ecosystem Blog Series and stay tuned for more editions!