Posted in September 2013

Data Governance

Half Full or Half Empty: Is Your Business Viewing Privacy Through the Right Lens?

By Rafae Bhatti, CIPP/US

Data protection and privacy are urgent issues for both consumers and businesses. Customers increasingly worry whether their personal information is secure, while companies are concerned about protecting data and complying with regulatory requirements.

But are business leaders looking at the glass half empty? 

Posted in Data Governance
More from Rafae Bhatti

Big Data

What’s in a Name? Data Broker or Marketing Data Broker

By Nicole Tachibana, CIPP/US

The marketing industry has come under fire recently for its use of consumer data to provide ads and offers. There are a number of misconceptions at the heart of the issue. To begin with, we should correct the misperception that all data brokers operate the same. I don’t presume to understand the inner workings of each type of data broker, but marketing data brokers collect and use information to offer more relevant ads in a variety of channels. Federal Trade Commission (FTC) Commissioner Julie Brill said that data brokers (specifically naming only marketing data brokers- Acxiom, Experian, and Epsilon) are using “dossiers” to “determine the rates we pay [and] even what jobs we get.” However, the reality is that marketing data brokers use information for marketing purposes only.

More from Nicole Tachibana


I Don’t Know Which Will Go First—Rock ‘n Roll or Privacy

By Jedidiah Bracy, CIPP/US, CIPP/E

In an otherwise rambling, drunken session at Elektra Studios in 1969, the Doors recorded a blues-backed jam called “Rock is Dead.” Jim Morrison’s Nietzsche-influenced rant on rock’s death has been repeated by other musicians, reviewers and record store employees countless times. Punk is dead. Grunge is dead. Hip hop? Yeah, that too.

But the phrase is not particular to the modern music tradition.

More from Jedidiah Bracy

Employee Privacy

I Spy With My Corporate Eye: The Employee Services Conundrum

By Ruby A. Zefo, CIPP/US, CIPM

It’s a conundrum: companies want employees to be satisfied with their corporate services, but great user experiences in this context can require a certain amount of employee tracking that could affect employees’ views about workplace privacy. Even M doesn’t really want to know whether James Bond prefers his martini shaken, not stirred, but it may be incidental to the CCTV cameras in the MI6 café that keep assassins at bay! Companies have to manage potentially complex trade-offs between employee privacy, company security, and user experience, including services such as BYOD programs, context-aware apps and even call monitoring for quality assurance.

More from Ruby A. Zefo

Do Not Track

IAPP Westin Research Center

DNT 2.0: What Next for Policymakers?

Could the appointment of Justin Brookman of the Center for Democracy and Technology (CDT) and Carl Cargill of Adobe salvage the World Web Consortium (W3C) Do Not Track (DNT) process? Hopefully, all sides will work together to pursue an agreed-upon solution, since an implosion of the process, which seemed inevitable on Tuesday as the Digital Advertising Alliance (DAA) announced its departure from the group, would cast a long shadow over the prospects for multi-stakeholder resolutions to the burning privacy problems of our time.

More from Omer Tene

Privacy Technology

Why Privacy Pros Need To Look Beyond “Detective” Practices and Embrace Technology

By Nick Crown, CIPP/IT

As privacy professionals, we have the opportunity to help companies restore balance in the personal data ecosystem by considering the business needs of our employers as well as those of the individual. Many companies are reluctant to institute transformative changes, yet these changes could create an environment in which individuals feel good about sharing more data. Reluctance may stem from the belief that if you give consumers more choice and control, you risk losing the data you have already collected. However, numerous research studies continue to prove this is wrong. In fact, history will show that those who hoard data will eventually lose the data.

To give the individual control over the use of their data, our industry needs to look beyond static, “detective” approaches to privacy practices. Privacy Impact Assessments, privacy awareness training, and compliance auditing will always have a place, but we should embrace technology as an enabler of preventative privacy controls. And while technology cannot solve every privacy issue, it can get us closer to “walking the walk” of the “talk we talk” in privacy notices.

Posted in Data Protection
More from Nick Crown

Healthcare Privacy

On Where Health IT and Privacy Meet


The Eighth Annual National Health IT Week kicks off today with the slogan, “One Voice. One Vision: Transforming Health and Care.” This honorary week has been created by the Healthcare Information and Management Systems Society (HIMSS). HIMSS seems to lead efforts similar to the IAPP, even if the mission is different, and there is no doubt that our membership overlaps. HIMSS states that last year, more than 250 organizations participated in the week’s activities while also being recognized by President Obama and the U.S. Senate.

More from K Royal