Privacy by Design

Everyone who has kids—or ever was a kid—knows that the best way to avoid trouble is not to put yourself in a position where trouble is likely to find you in the first place. In the privacy realm, this means taking steps at the outset to minimize the risk of exposure and to mitigate the potential consequences of a breach or other inadvertent disclosure. The recently discovered database breach at Epsilon demonstrates how vulnerable personally identifiable information can be to unauthorized access and theft. For a third-party vendor such as Epsilon, the consequences of these types of exposures are particularly wide-reaching—potentially extending across an entire client base—exposing multiple brands not just to security concerns but to customer discontent. In the last couple of days, companies including Target, Kroger, TiVo, US Bank, Home Shopping Network, Ameriprise Financial, LL Bean, Visa Card, Brookstone, Walgreens, Disney Destinations, and Best Buy have notified their own customers about the breach.

Google trends shows a dramatic spike in searches for “Epsilon” in the last few days.

In its 2010 report on the protection of consumer privacy, the FTC emphasized the importance of “Privacy by Design”—an approach that proposes that privacy assurance cannot be based solely on compliance with regulatory frameworks but should ideally stem from an organization’s default mode of operation. The FTC identified a number of substantive protections that it said were of “critical importance to consumer privacy.” Specifically, it called upon companies to put in place physical, technical and administrative safeguards to protect consumer information and to limit data collection to what is necessary for legitimate business needs. Only that data which is strictly necessary to accomplish the product goals should be collected, and it should be retained only for as long as it remains relevant.

Companies that collect and store any consumer data should regularly review the sensitivity of the data, the size and nature of their business, and the types of risk the company faces, and develop appropriate safeguards based on those factors. Most importantly, these discussions need to occur at the product design phase and not as an afterthought in response to a breach.

User discontent has flooded social media airwaves with anti-Epsilon epithets.

At RichRelevance, we have been vigilant since our formation in protecting consumer privacy. First, we endeavor to collect only that information that is strictly necessary to provide our industry-leading services. We do not collect personally identifiable information for use in our website recommendation or brand advertising services. Instead, we use non-personally identifiable information such as IP address, a unique customer ID number, the date and time of use of our services and users’ activity on our customers’ websites. This information is stored anonymously on servers that are protected with layered security and physical and logical separation from public servers. In the very limited circumstances where we do collect email addresses, we are careful to keep all data secure and separated from any public servers; data is transferred securely and privately and is not transmitted publicly. As a result of this careful planning and pruning, we reduce not only the risk of breach but also the consequences.
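The two design habits described above, collecting only the fields a service needs and keeping them only for as long as they are relevant, are easiest to audit when they are enforced in code at the point of intake rather than promised in a policy document. The following is an added illustration written for this post; it is not RichRelevance’s code and says nothing about how its systems actually work. It assumes a hypothetical allow-list of fields, a hypothetical 90-day retention window, and a constructed per-deployment secret. It also goes one step further than the text on the IP address question: rather than storing the raw address, it coarsens it to a network prefix and replaces it with a keyed hash, so the stored value cannot be joined back to a person without the key.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed demo secret. In a real deployment this would come from a secrets
# store and be rotated; rotating it also breaks linkage between old and new
# pseudonyms, which bounds how long any profile can be accumulated.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical allow-list: the only fields the recommendation service needs.
ALLOWED_FIELDS = ("customer_id", "timestamp", "page_path")

# Hypothetical retention window: events older than this are purged.
RETENTION = timedelta(days=90)


def pseudonymize_ip(ip_str: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Coarsen the address to its network prefix (/24 for IPv4, /48 for IPv6),
    then replace it with a keyed hash. The raw address is never written to
    storage, and without the key the digest cannot be reversed or cross-linked
    with another data set."""
    ip = ipaddress.ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 48
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    digest = hmac.new(key, str(network.network_address).encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def minimize(raw_event: dict) -> dict:
    """Collection minimization at intake: keep only allow-listed fields, store
    the IP as a pseudonym, and drop everything else (e-mail, user agent, ...)."""
    event = {k: raw_event[k] for k in ALLOWED_FIELDS if k in raw_event}
    if "ip" in raw_event:
        event["ip_pseudonym"] = pseudonymize_ip(raw_event["ip"])
    return event


def purge_expired(events: list, now: datetime, retention: timedelta = RETENTION) -> list:
    """Retention enforcement: return only the events still inside the window."""
    cutoff = now - retention
    return [e for e in events if e["timestamp"] >= cutoff]


# Constructed sample input: what a raw web request might hand to the collector.
NOW = datetime(2011, 4, 5, tzinfo=timezone.utc)
RAW_EVENTS = [
    {"customer_id": "c-1001", "timestamp": NOW - timedelta(days=2),
     "page_path": "/products/42", "ip": "203.0.113.17",
     "email": "alice@example.com", "user_agent": "Mozilla/5.0"},
    {"customer_id": "c-1002", "timestamp": NOW - timedelta(days=120),
     "page_path": "/cart", "ip": "203.0.113.99",
     "email": "bob@example.com"},
    {"customer_id": "c-1003", "timestamp": NOW - timedelta(days=1),
     "page_path": "/", "ip": "2001:db8:1234:5678::1"},
]


def process(raw_events=RAW_EVENTS, now=NOW) -> list:
    """Full pipeline: minimize at intake, then enforce retention."""
    return purge_expired([minimize(e) for e in raw_events], now)


if __name__ == "__main__":
    for stored in process():
        print(stored)
```

Run as written, the 120-day-old event is dropped and the two remaining records contain no e-mail address, no user agent and no raw IP, only the allow-listed fields plus a 16-hex-character pseudonym. Because minimization happens before the record is stored, a reviewer can verify the property by reading one function rather than by trusting a statement of intent.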

ABOUT THE AUTHOR
As General Counsel, Bill is responsible for all aspects of RichRelevance’s business and legal affairs. Before joining RichRelevance, Bill served as Vice President, Business Affairs and General Counsel of imeem, inc., a leading social media company where he was responsible for securing the world’s first on-demand, ad-supported music licenses from the major labels and music publishers.
1 Comment

    Bill,

    While I applaud you for taking a proactive approach to privacy and evangelizing the concept of privacy by design, something you said does concern me. First, I’m not questioning your company’s commitment to privacy, but privacy by design calls for a higher level of assurance. In other words, truly building privacy into your system requires more than just promises; it requires provable auditability of the system. Statements such as “we are careful to keep all data secure and separated from any public servers” suggest merely the promise of privacy. I also have to take issue with the notion that an IP address is not PII. While in and of itself it is not, with additional information it can be. Certainly some regulators see it this way. See http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012101340.html

    Again, I appreciate the post but just be careful not to fall into the trap that so many do waving their hands and saying you’re doing PbD just because you say so.
