by eleanor | Sep 25, 2015 | All Posts
Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
Marketing is a data-driven industry. But the technology that digital marketers have relied on for 20 years haven’t kept pace with all the complexity and fragmentation of today’s landscape. Signal helps advertisers and publishers collect, unify and activate their cross-channel data to deliver real-time, people-based marketing. An important part of powering people-based marketing is solving fundamental privacy and data collection challenges.
I have yet to talk to a marketer who wants to do anything other than provide amazing experiences to customers. Doing things that customers find privacy-invasive is simply incompatible with providing an amazing experience. That’s the challenge we’re focused on: helping brands to recognize and understand their always-on customers so they can delight them with truly engaging experiences — while always respecting their privacy choices.
What key goals/issues is your organization focused on tackling?
One of the big issues we’re working on right now is helping consumers set privacy preferences that are both durable and user-friendly. This is challenging in a cross-channel environment, where the patchwork of technology platforms has resulted in a patchwork of privacy settings that is confusing for consumers. The various systems don’t talk to each other, and opt-in and opt-out settings are buried inside of the browser or inside of your smartphone.
From a technology standpoint, Signal is focused on enabling data collection from any channel or device. We are committed to developing better privacy solutions, so we don’t limit our perspective to what you can do with cookies. But trying to move things forward is not always easy in an ecosystem with so much fragmentation.
“Privacy by design” is one of Signal’s founding principles. Privacy by design means that our platform was architected with certain values in mind: we don’t collect personally-identifiable information; we don’t co-mingle one brand’s consumer data with another’s; and we provide tools that give consumers transparency and choice regarding the collection and use of data. We hold these principles near and dear because Signal’s goal is to generate more trust and transparency around the data that’s being collected and shared across the desktop, mobile, email, point-of-sale and other channels.
(more…)
by eleanor | Sep 9, 2015 | All Posts
Over a hundred organizations are responsible for shaping the future of data privacy. In this series we profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is the IAPP’s role in the privacy ecosystem?
As the world’s largest privacy organization, our role in the privacy field is to help practitioners build and develop their careers. The IAPP works to define, support and improve the privacy profession globally while providing a forum for all those who touch data in their work to share best practices and advance privacy management. The IAPP is the place where privacy pros can find the people, tools and information management practices they need to excel in the field.
What key goals/issues is the IAPP focused on tackling?
With an ever-increasing amount of data being created and amassed both online and offline, and bringing with it ever-increasing privacy challenges, the IAPP is committed to growing and improving the quality of our education and training offerings—from our publications and web conferences to our on-the-ground trainings and information sessions at our events. For example, with the EU General Data Protection Regulation on the horizon, and predicted to have implications far beyond the EU’s borders, we’re focused on ensuring we’ll have the information, resources and training opportunities our members need available to them as this new era in privacy law comes into effect.
How has the IAPP’s focus changed over the years to address evolving technologies or challenges?
Since our founding in 2000, our mission has remained evergreen: to define, support and improve the privacy profession globally. And this mission has become more essential as our profession grows and we see previously unimagined technologies becoming commonplace just 15 years out. As new technologies emerge, the IAPP continues to gather resources, conduct and collaborate on new research and build education and training opportunities to provide privacy pros with the tools they need to understand and address those challenges.
(more…)
by eleanor | Aug 31, 2015 | All Posts
At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month.
This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other topics. This was the second month of our new series featuring the leading players in the Privacy Ecosystem. Check out the list below for some of the most popular blog posts this month:
New IoT Trust Framework Addresses Privacy Risks & Guidelines
On Aug. 11, the Online Trust Alliance released its Internet of Things Trust Framework to address IoT privacy and security risks. The Framework provides guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation, and consumer health and fitness wearables.
Popular Webinar Tackles How Privacy Practices Can Help Prepare for a Data Breach
In this blog post, we introduce our first webinar teaser video. You’ll be seeing more of these short clips in future blog posts. The idea is to let visitors to the blog watch a minute of blog content before downloading the full version.
13 Companies Settle with FTC for False US-EU & US-Swiss Safe Harbor Claims
On Aug. 17, 13 companies settled with the Federal Trade Commission (FTC) for falsely claiming they were certified and in compliance with the US-EU or US-Swiss Safe Harbor Framework. Compliance with the Framework means companies must follow established requirements for meeting adequacy standards to transfer customer or employee data from the EU or Switzerland to the U.S. Then, companies must self-certify with the Department of Commerce. The self-certification needs to be renewed annually.
Survey Compares American and British Opinions on the ‘Right to be Forgotten’
This blog post coincided with the release of a new survey about the ‘Right to be Forgotten.’ Both American and British adults were asked their thoughts about this ruling and the results were interesting. While more British online adults (44%), than American online adults (29%), think that the ‘Right to be Forgotten’ ruling allows for censorship, both American and British adults’ responses were similar when it came to what type of data they would request removed from company databases.
This month in the Privacy Ecosystem series:
Meet the Leading Players in the Privacy Ecosystem: Craig Spiezle, Executive Director & President, Online Trust Alliance
Meet the Leading Players in the Privacy Ecosystem: Daniel J. Solove, Founder, TeachPrivacy
Meet the Leading Players in the Privacy Ecosystem: Gabe Totino, President & CTO, AssertID
What else would you like to read about on the TRUSTe blog?
by eleanor | Aug 19, 2015 | All Posts
Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
AssertID provides a web-based self-serve consent platform for consumers, educators and businesses. The platform coordinates the consent process ensuring compliance with regulations such as COPPA and FERPA. It promotes transparency between the parties and encourages the use of best-practices so that businesses can act responsibly and consumers can have a degree of control in their online privacy.
What key goals/issues is your organization focused on tackling?
Consumers need to trust that their privacy is not being undermined when online. Businesses need to know that they can get access to information that is integral to providing their service. Our goal at AssertID is to create an effective communication & control channel between the consumer and the provider so that the consumer becomes engaged in privacy matters, and the provider has an opportunity to earn the consumer’s trust and business. We are currently concentrating on facilitating compliance with the COPPA and FERPA laws and engaging parents and educators with the goal of protecting children’s online privacy. This provides us with a good starting point to raise awareness about online privacy and get consumers to become more involved in protecting their privacy while online.
How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?
Our focus has not changed considerably over the years. The goal remains the same – to be a catalyst in a movement where businesses become more responsible and open about their practices and consumers become more savvy about their privacy. To that end, we continue to keep abreast of new challenges that businesses face with compliance and continuously evolve the platform to remove any roadblocks they might present.
(more…)
by eleanor | Aug 12, 2015 | All Posts
Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
TeachPrivacy provides computer-based privacy training and information security awareness training to organizations in a wide array of industries. TeachPrivacy has FERPA training for schools, HIPAA training for healthcare providers and business associates, PCI training for merchants and others handling payment card data, and much more.
What key goals/issues is your organization focused on tackling?
Our goal is to provide training that really makes a difference. Training is one of the most important things an organization can do to mitigate the risk of having a data breach or a privacy incident. I founded TeachPrivacy because I thought that there was a better way to train employees about these issues – to really educate them, to show them why they should care.
My goal is to apply good teaching techniques to training. I learned a lot in teaching as a professor and in speaking to audiences of all types. I aim to create training that is engaging, concrete, vivid, and memorable.
How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?
Our goals have remained stable – we are an education company. Our primary goal is to help organizations educate their workforce about privacy and data security. We want to make the best training we can create.
In the training I develop, I strive to use the techniques that work the best – using stories, interactivity, vivid imagery, varied styles and approaches, immersive experiences, activities, genuine passion, and memorable explanations. There is a timeless quality to these techniques. They have worked for thousands of years.
Looking ahead – what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation?
It would take many books to answer this question. But one overarching point that I think is essential: The best legislation includes governance provisions – it requires a privacy and security officer, privacy and security programs, routine risk assessments, training, policies and procedures, etc. And there must be good enforcement. Laws without such provisions are often poorly followed.
(more…)
