3PHealth Blog
Why Privacy cannot be a Web Service
Wednesday, June 6th, 2012
There’s a tendency when you have a hammer to think that everything looks like a nail. There’s plenty of “nails” out there to hammer with your web service, however Privacy isn’t one of them.
Why not?
In a nutshell – Because I want to be in control of the collection, flow and use of my data, AND I don’t want that data stored on a server anywhere where it’s open to others. What a web service does really well is to store and process lots and lots of data. Remember when Willie Sutton was asked why he robbed banks? The answer was simple – because it’s where the money is.
And that’s exactly the case when it comes to my private data. It’s far more profitable to the hackers to attack a data center rich with personal information than to try and access the data from my one device. They can access millions of records vs. a single record. Pretty much a no brainer when it comes to collect people’s valuable data.
Web services are springing up that store your private data for you, and then share that on an as needed basis with Web content providers that you authorize. Sounds pretty good so far (apart from the storage issue). They can charge a fee to manage your privacy. (Hmmm why can’t I manage my own privacy for nothing?)
But that’s not the problem – the problem is the content provider who you share the data with. You have no idea what they’re really doing with you data. What I want is a simple, easy to use solution that allows me to directly build a trusted relationship with a content provider and gives me a choice in how and what I share on a real time basis.
You don’t need an intermediary web service for that. And certainly not one that charges you for the privilege of storing your private data.
Choice – The Lynchpin to Online Privacy
Sunday, June 3rd, 2012
Choice – such a simple word, and yet so misunderstood when it comes to privacy. All I really want is a say in how people use my private data. I want to participate in the process vs. getting frozen out.
In the last few days Microsoft shipped the pre-release version of Windows 8. In doing so they stunned the online privacy community. There crime? They dared to make a choice for the user. In the browser they turned on the default setting for Do Not Track which offers the highest level of privacy.
Quelle Horreur (isn’t that awful). They made a choice for the consumer. The advertising community immediately launched a PR campaign decrying the approach. Let users make the choice on their own they screamed – and to some extent I have to agree. But (there’s always a but) you have to remember that Microsoft is a global OS company and ships their software to countries that have far more stringent privacy laws than ours. Nobody wants to ship an OS that by default opens them up to litigation.
And so they made a choice. In the US the W3C group tasked with coming up with a solution for online privacy is in a quandary. What should they do? Some want the default setting to be the same as Windows 8, and yet others (from the advertising community) argue for doing nothing (no settings are made).
I think we should add a single word here that can help us resolve this issue. “Informed” as in informed choice. If the W3C wants the default set to no settings, then they must offer a choice to the consumer when they go to install the browser.
Simply doing nothing is not a choice when it comes to privacy, and only perpetuates the already high levels of mistrust within the online community.
BYOD Privacy Policies – What’s Yours?
Wednesday, May 30th, 2012
With all the chatter about DNT and consumer privacy, it’s time to return to the enterprise and their challenges supporting BYOD. When the company approves the use of personal mobile devices, or, in some cases, requires it, policies must be put in place to protect everyone. The issues of who owns what data and who has control over the device are challenging IT, HR and legal departments across the globe.
In this article by CIO writer, Tom Kaneshige, BYOD: Time to Adjust Your Privacy Expectations, BYOD privacy is explored. Mr. Kaneshige addresses privacy versus security – what emails and contacts does the company own, what can they access and what are the legal ramifications? Do they have the right to audit employee device use to ensure that company confidential information is not downloaded without permission? This is a very different discussion than BYOD security, such as what happens to personal data if a company wipes a (supposedly) lost or stolen device. When you get to BYOD privacy, there are also issues of browsing restrictions. Your company may block social or adult site access by desktop browsers, but BYOD mobile devices are personal – or are they? Whose paying the bills, or at least a portion of the bill does matter.
So how do you allow your employees to be themselves when they are not working and be subject to employer policies while on the job? While no one product, service or process is going solve all the BYOD privacy and security issues, here are some good tips to get you started:
- Have a clear and concise BYOD policy
- Ensure that all employees read and sign that policy every time it changes
- At least once per quarter, re-iterate the privacy policies so nobody is surprised
- Make BYOD training a requirement for EVERYONE – including the executive team
- Consider a dual-browser strategy – the standard browser for personal use and a Choice ™ company branded browser for work
Choice makes it easy to programmatically manage your company’s privacy and compliance policies in a BYOD environment and helps reduce the challenges of supporting a BYOD policy within your organization.
Tracking Enablers: Did You Know About Widget Tracking?
Friday, May 25th, 2012
Just this past week Twitter announced its recent changes to service and that they would honor the upcoming Do Not Track (DNT) standard. Around the same time, a colleague of mine also noted that after visiting his Facebook profile, he notice the company was capturing non-Facebook site visit data whether or not he clicked on a Like button.
Curious as to why this happens? Well Twitter was kind enough to send me an email and be upfront about their policies, so being one of the few people who actually reads them, I thought I’d take a deeper look. There is so much to cover, but I’ll just focus on one of the many ways we are being tracked – typically without our knowledge:
Widget Data: We may tailor content for you based on your visits to third-party websites that integrate Twitter buttons or widgets. When these websites first load our buttons or widgets for display, we receive Log Data, including the web page you visited and a cookie that identifies your browser (“Widget Data“). After a maximum of 10 days, we start the process of deleting or aggregating Widget Data, which is usually instantaneous but in some cases may take up to a week. While we have the Widget Data, we may use it to tailor content for you, such as suggestions for people to follow on Twitter. Tailored content is stored with only your browser cookie ID and is separated from other Widget Data such as page-visit information. This feature is optional and not yet available to all users. If you want, you can suspend it or turn it off, which removes from your browser the unique cookie that enables the feature. Learn more about the feature here. For Tweets, Log Data, and other information that we receive from interactions with Twitter buttons or widgets, please see the other sections of this Privacy Policy.
In short – if you visit a page with with a “Like Button” or “Tweet” option, then all those social networks can see where you go, whether or not you are currently logged into them. Most reasonable people expect to be tracked ON the social site, but not OFF of it. So as the EU privacy directive builds up enforcement steam, and as you re-evaluate your Web strategy (not just your privacy policies), please be aware that if you use a social Widget (available as a free plug-in for most content management systems) on your site or blog (as we considered doing), you are subjecting your visitors to tracking – and I bet, like me (and the EU Commission, I suspect) – you didn’t even know it. See the share button, in the upper right corner?
Digital privacy is one of the most complex and challenging business issues today. The more we all know, the faster we can find a better balance between privacy and commerce – and deliver a great user experience in the process.
By the way, our social media “buttons” are images with links to our SoMe pages and not widgets. We are not knowingly sharing your data with anyone else on this site, however, our social sites do use “widgets” to read this blog and share posting information between them.
Privacy is about to get really expensive
Friday, May 25th, 2012
Tomorrow is the big day. The day the EU-Cookie directive goes into effect. Already people are talking about how expensive it will be to maintain compliance. Well folks they haven’t seen anything yet.
It’s not only expensive to be in compliance, you also have to think about the lost revenue that comes from being in compliance. I’ve been surfing around some EU sites and can already see the “banner-like” ads asking if you would like to Opt-In to having cookies on your device. I simply ignore them because there’s NO downside. Funnily enough my experience is IDENTICAL with and without the cookies.
Hmmm – think about that for a moment. An identical experience and I get to keep my privacy. I like it. But this is a #fail. What should be happening is that my experience gets better if I Opt-In.
So corporations are going to have spend money to be in compliance and loss money because they’re in compliance. Time to look for a solution that enables net new revenue from protecting my #privacy.