Posts

Showing posts with the label regulation

Trust is not a destination

Image
Trust is not a destination! The purpose of this thought piece is to bring together strategic thinking on data, governance and trust values into one argument. The recommendation is that boards need to wake up There are two existing models of trust that are relevant to business. Let’s call them “experience trust” and “emotional trust.” We are going to explore two new models of trust, explain why they are so disruptive and create a strawman as a way of thinking about the way forward. Experience trust  is simple to grasp. Think about using your bank card, pushing the brake pedal in a car, getting on a plane, charging your phone, posting a picture on Facebook, using a vape pipe, drinking water, taking a taxi, texting, etc. Every time you do something the ‘experience’ functions, within reason, as you expect it to. Expected feedback loops reinforce a message that whatever you use can be trusted. Society depends on experience trust. It makes life simple and convenient. As the old

Harm and how much you and your data is worth?

Image
    Overall if you read this lot – your data (digital footprint) remains as relatively worthless … whilst the inconvenience, annoyance and frustration of losing you data or identity is not added as a cost item. Real harm, as measured in financial terms is low as all wider impacts are ignored, such as time wasted on the phone, unintended consequences, the cost of rectification, unable to get pictures or content back.... etc How much are you worth to a cyber-criminal? How Much Your Stolen Data Is Worth to Scammers How Much Are You Worth To Mark Zuckerberg? The plummeting price of stolen personal data How much are you worth to Google? How Much is Your Data Worth? How much is your online data worth? How much is your data worth? Why Your Identity Is Worth $5,000  How much is your personal identity worth? Your ID Price Tag: The Cost of a Stolen Identity    

Who determines whose interests are best served by a machine?

Image
  In this blog I looked at algorithms and bias and asked who is in control …. http://www.mydigitalfootprint.com/algorithms-is-anyone-in-control I asked a rhetorical question " So the question is not if you can become an algorithm but how accurate can an algorithm model you! " Just thinking further on this topic and what is the order in which my interests should be best severed? ·         My as an individual - I code for myself based on my data and my desired outcomes - allows me to mis-represent myself ·         Me as a group of link minded people - we test the algorithm to determine if I (we) like or dislike the implied outcomes and they are refined ·         An organisation acts on my behalf to determine if harm is done and sets guide lines (best working practices) ·         A government sets up a regulatory body to provide guidance and enforce law ·         A programmer who is outside of my jurisdiction does what they like ·         A company who is outside of my control

If data is human - who sets the moral code and other ethical issue

Image
The BBC has a long term program called the moral maze hosted with Michael Buerk.  This was a good one exploring the issues of social media. http://www.bbc.co.uk/iplayer/episode/b01ntgw5/Moral_Maze_The_Moral_Code_of_Social_Media/ However, as we begin to employ more computer-controlled objects, cars, robots, and machines that need to operate autonomously in our real-time chaotic environment, situations will inevitably arise in which the software has to choose between a set of tragic, unpleasant, bad, even horrible, alternatives. Example 1. You’re driving along in your car which has an insurance protection system on and can see that a n uninsured poor driver is about to break a red light in front of you that will lead to a crash.  The automatic system takes over and you come to a sudden halt, however the person behind you now takes evasive action, swerves to avoid you and hits the same uninsured driver killing the person instead of you. Example 2. Your self-driving car crosses a bridge as

The right to be forgotten : lost in space in time

Image
Euro Security Experts Deem 'Right to be Forgotten' Impossible by  Justin Brookman December 4, 2012 Full version is here and worth reading: https://www.cdt.org/blogs/0412euro-security-experts-deem-right-be-forgotten-impossible ENISA comes to the same conclusion that we have: that a universal Right to be Forgotten is technically impossible on an open internet. It is simply not feasible to track down and erase all copies of factual information that had previously been made public. This is a welcome development, and hopefully will serve as a reality check against  magical thinking  that the Right to be Forgotten can easily be shoehorned onto the internet. ….. The Right to Erase Instead of a broad and impractical power to erase all iterations of controversial information, we’ve proposed instead that the Right to be Forgotten be reformulated as a more limited Right to Erase — if you choose to host or store data with a particular service provider (such as a cloud email service or a s

FTC's Second Kids' App Report Finds Little Progress in Addressing Privacy Concerns Surrounding Mobile Applications for Children

Image
Source: http://www.ftc.gov/opa/2012/12/kidsapp.shtm Kids' Data Still Collected, Shared without Parents' Knowledge, Consent The Federal Trade Commission issued a new staff report, “ Mobile Apps for Kids: Disclosures Still Not Making the Grade ,”   examining the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores.  The report details the results of the FTC’s second survey of kids’ mobile apps.  Since  FTC staff’s first survey of kids’ mobile apps in 2011 , staff found little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it.  The report also finds that many of the apps surveyed included interactive features, such as connecting to social media, and sent information from the mobile device to ad networks, analytics companies, or other third parties, without disclosing these practices to par

Code of EU Online Rights

Image
Source: https://ec.europa.eu/digital-agenda/en/code-eu-online-rights As part of the Digital Agenda for Europe actions, the Code of EU online rights compiles the basic set of rights existing in EU legislation and related to the digital environment. The objective of the Code is to find simple explanations of their legal rights and obligations, set out in a transparent and understandable way. As foreseen in the Digital Agenda for Europe, this list of online rights and principles will be an important tool for inspiring trust and confidence among consumers and contribute to promote greater use of online services. These basic rights protect citizens and consumers for instance when using online services, buying goods online, and in case of conflict with their providers of these services. https://ec.europa.eu/digital-agenda/sites/digital-agenda/files/Code%20EU%20online%20rights%20EN%20final%202.pdf Personal Comment : just concerns me about who is managing the balance between real benefit for

Ceop targets sex offenders who try to hide their 'digital footprint' - highlights so many issues

Image
Source : http://www.childprotectionineducation.co.uk/blog/?p=933 Ceop plans to ramp up efforts to target child sex offenders who share indecent images of children and try to hide their “digital footprints” online In so many ways this highlights the nub of a dilemma… ·          illegal and morally wrong – ability to track/ trace and bring to justice. Versus ·          freedom of expression and free speech – if anyone can be tracked, how about those speaking out who need some level of anonymity Versus ·          access management and ability to identify – rightful control and controls Versus ·          wrongfully blamed, accused or judged and need ability to correct/ delete/ modify Versus ·          human rights protection – ability to provide some level of protection Versus ·          PII, privacy rights, data protection, laws, regulation and directives – compliance Versus ·          the right to be forgotten

Gary Kovacs @mozillagary from Mozilla: Tracking the trackers: TED talk

Extremely good TED talk… As you surf the Web, information is being collected about you. Web tracking is not 100% evil -- personal data can make your browsing more efficient; cookies can help your favourite websites stay in business. But, says Gary Kovacs, it's your right to know what data is being collected about you and how it affects your online life. He unveils a Firefox add-on to do just that.

"context is the key to privacy" is the up shot of the FTC Privacy Report + comment on expectations

Image
March 2012:  “context is the key to privacy” is the up shot of the FTC Privacy Report (free to download all 112 pages of it) However this misses a key point to me that is what you believe is context is different to what I think in context.  If we took 100 people to the cinema to watch a horror movie, whilst you will not get 1 unified view and you will not get 100 different views, you will end up with a range of views about the film and its content based on the views personal experiences and expectations.  There is lots of research about how you can change experience by change expectations. Maybe we should worry less about privacy and more about managing expectations as a way of setting policy.

The Effects of Data Breach Litigation - paper from the US

"Empirical Analysis of Data Breach Litigation," Sasha Romanosky Carnegie Mellon University - Heinz College of Information Systems and Public Policy David A. Hoffman Temple University - James E. Beasley School of Law; Cultural Cognition Project at Yale Law School Alessandro Acquisti Carnegie Mellon University - H. John Heinz III School of Public Policy and Management Source : http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461 Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcom

The Effects of Data Breach Litigation - paper from the US

SSRN-id1986461.pdf " Empirical Analysis of Data Breach Litigation," Sasha Romanosky Carnegie Mellon University - Heinz College of Information Systems and Public Policy David A. Hoffman Temple University - James E. Beasley School of Law; Cultural Cognition Project at Yale Law School  Alessandro Acquisti Carnegie Mellon University - H. John Heinz III School of Public Policy and Management Source : http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461 Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits f

The Effects of Data Breach Litigation - paper from the US

SSRN-id1986461.pdf " Empirical Analysis of Data Breach Litigation," Sasha Romanosky Carnegie Mellon University - Heinz College of Information Systems and Public Policy David A. Hoffman Temple University - James E. Beasley School of Law; Cultural Cognition Project at Yale Law School  Alessandro Acquisti Carnegie Mellon University - H. John Heinz III School of Public Policy and Management Source : http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461 Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits f

The Effects of Data Breach Litigation - paper from the US

SSRN-id1986461.pdf " Empirical Analysis of Data Breach Litigation," Sasha Romanosky Carnegie Mellon University - Heinz College of Information Systems and Public Policy David A. Hoffman Temple University - James E. Beasley School of Law; Cultural Cognition Project at Yale Law School  Alessandro Acquisti Carnegie Mellon University - H. John Heinz III School of Public Policy and Management Source : http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461 Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits f