Thursday, April 17, 2014

Privacy Engineering: What Researchers Need to Know

McAfee Chief Privacy Officer Urges Insights Pros to Own Privacy and Big Data


By Marc Dresner, IIR


“The fantastic advances in the field of electronic communication constitute a greater danger to the privacy of the individual.” 
– Earl Warren, 14th Chief Justice of the U.S. Supreme Court, died 1974

“Privacy is dead, and social media hold the smoking gun.” 
– Pete Cashmore, Founder and CEO of Mashable, born 1985

The fellas quoted above were, I believe, referring to opposing sides of the privacy coin: The former was talking about government surveillance of the Orwellian sort; the latter—taken from a 2009 blog post—spoke to people’s increasing compulsion to publicize their personal lives.

To distinguish between the two assumes there is a line that can be crossed, aka “informed consent.”

Privacy advocates have argued that informed consent is more or less a fallacy because the information needed to make a fully informed choice is largely inaccessible

But privacy advocates—including top security and legal experts—have argued that informed consent is more or less a fallacy, because the information needed to make a fully informed choice is largely inaccessible to the average person.

That’s “inaccessible” in three broad categories:

1.    Inaccessible by design—for legit* purposes (national security or law enforcement) and also for ethically questionable purposes (ex. Facebook’s privacy gaffes and antics).
*Sorry, but I’ll not kick the Edward Snowden beehive in this forum today.

2.    Inadvertently inaccessible, but fixable—Ex. privacy policies that can only be deciphered by lawyers or that will only be read by very patient, unusually suspicious people with lots of time on their hands.

3.    Inadvertently inaccessible, but unavoidable—the complex tangle of partnerships, affiliations, agreements and policy overlaps, oversights, contradictions, accidents, etc., that comprise our digital universe (it is called the Web, after all) make it practically impossible for someone to be completely informed of all the ways information about them may be or is being used.

The jury appears to be out when it comes to the ownership and control of all of those digital data points we generate

I’ll leave it to the intelligentsia (not used in the pejorative here) to debate whether or not we’re doomed to life in a digital panopticon, but the jury appears to be indefinitely out when it comes to the ownership and control of all of those data points we’re generating in the digital realm.

This much is clear: The privacy debate isn’t going anywhere; it’s just getting started.

People seem resigned to the fact that information about them is collected and used for purposes they aren’t aware of and might not consent to if they were

For the time being, people seem generally resigned to and even comfortable with the fact that information about them is being collected by unknown others and used in all kinds of ways for all sorts of purposes that we aren’t aware of and might not consent to if we were.

But for how long? It seems a tenuous peace at best.

I’ve attended sessions at two of FoCI’s sister events within the past six months—Foresight & Trends and Media Insights & Engagement, respectively—whose speakers warned their audiences that the sleeping giant is stirring.

All of this matters to insights jocks more than one might suppose.

Consumer researchers work hard to build and maintain respondents’ trust, and I think most would agree that there’s no privacy bugaboo in taking surveys, participating on panels, etc.

But even if transparent, double opt-in instruments are still the primary source of consumer intelligence—debatable—they’re certainly not the only source.

We have Big Data now, pulled from across the digital universe. The sheer breadth of sources without a doubt increases the likelihood that we’ve violated someone’s privacy.

As consumer insights become increasingly dependent upon and intertwined with technology, we find ourselves in a precarious position

So as the consumer intelligence field becomes increasingly dependent upon and intertwined with technology, we find ourselves in an increasingly precarious position because we cannot be guaranteed that the data we’re collecting and analyzing was captured with informed consent.

Moreover, research professionals cast in the traditional mold aren’t the only ones accessing and using these data. We’re not necessarily the gatekeepers and we can’t always know which information from even our own internal databases is being used, how and by whom.

That is the domain of the chief privacy officer, or in lieu of a CPO, typically a mishmash of IT and legal folks.
Michelle Dennedy

Enter Michelle Dennedy, VP and Chief Privacy Officer at McAfee, and co-author of “The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.”

Dennedy is a top authority whose credentials straddle the legal and technological aspects of data security and privacy.

She and co-authors Jonathon Fox and Thomas Finneran have developed a new model: “privacy engineering,” which endeavors to operationalize privacy and embed it in the products and processes companies use, buy, create and sell. 

“Privacy engineering is a way to build respect for information about people back into our infrastructure and to think about data from the consumer perspective”

“Privacy engineering is a way to build respect for information about people back into our infrastructure and to think about data from the consumer perspective,” Dennedy told The Research Insighter.

This is particularly important to the Future of Consumer Intelligence audience because companies are increasingly looking outside the research function to data scientists to manage Big Data.

The approach outlined in “The Privacy Engineer’s Manifesto” appears to offer a blueprint consumer researchers can use to insinuate themselves in the fundamental discussions that shape not only privacy policy and practice, but the manner and extent to which companies harness Big Data moving forward.

(Full disclosure: I have not yet read the book, but I’ve researched it thoroughly and rest assured you don’t need to be an IT specialist to understand it.) 

“At best, most companies probably leverage maybe 1-2% of the true import of data through analytics that count,” noted Dennedy.

“A lot of Big Data analytics are wrong because they fail to address the true business problem, a human problem.”

“I think a lot of these Big Data analytics are wrong or bad,” she added, “because they fail to address the true business problem, and by that I mean a human problem.”

“Researchers tend to understand the business case and how data should be leveraged,” she observed.

According to Dennedy, it’s time for researchers to step up and reach out to their counterparts in functions they may not normally work with, even if it means taking on projects outside their current purview.

“Consumer and marketing researchers become quintessentially important when they carry insights across the aisle,” Dennedy said.

“Make sure those customer insights and pain points are part of the equation from the start.”

In this podcast for The Research Insighter—the official interview series of the Future of Consumer Intelligence (FoCI) conference—Dennedy discusses:

• “Privacy engineering”—what it is and why it matters

• The problem with Big Data

• Applications and implications for large and small companies, alike

• What researchers can do today to get involved, and more!



Editor’s note: Michelle Dennedy will present “The Privacy Manifesto” at The Future of Consumer Intelligence Conference taking place May 19-21 in Universal City, California.

SAVE 15% on your registration to attend The Future of Consumer Intelligence when you use code FOCI14BLOG. 

Register here today!

For more information, please visit www.futureofconsumerintel.com

  
ABOUT THE AUTHOR / INTERVIEWER 
Marc Dresner is IIR USA’s sr. editor and special communication project lead. He is the former executive editor of Research Business Report, a confidential newsletter for the marketing research and consumer insights industry. He may be reached at mdresner@iirusa.com. Follow him @mdrezz.

No comments: