Data Anonymization

April 16, 2013

Jim Rennie
Sr Product Counsel | TRUSTe

Recently, talk of “anonymizing” or “pseudo-anonymizing” data has been picking up, both publicly online and in private conversations with our clients.

There have been questions on what these terms mean, what they mean for user privacy, and the pitfalls around the practice.

Currently, “anonymizing” is not defined or clearly addressed in TRUSTe’s privacy program requirements.  However, we have developed an understanding of the practice over time that we apply evenly to all of the participants in our privacy programs.  We also provide guidance on privacy best practices to clients on this topic and other practices, which are not covered by our program requirements.

TRUSTe defines anonymizing as taking information that is currently Personally Identifiable Information (PII) and permanently turning it into non-identifying data.  We identify pseudo-anonymizing as taking data that is currently PII and turning it into non-identifying data that can be returned from its anonymized state to PII in the future.

One of the simplest forms of anonymization that takes place every day on nearly every website: analytics.  Services like Google Analytics take PII such as an IP Address combined with other detailed information, then anonymizes and aggregates the data to provide useful graphs such as the percentage of site visitors that use Mozilla Firefox.  In this situation, anonymization increases user privacy, because the site does not need to retain any PII to get the information they require. Read more “Data Anonymization”

Forrester Updates Their Report on Effective Privacy Program Measurements

March 28, 2013

Forrester’s report on effectiveness of privacy program measurement.

Forrester issued the latest revisions to the “Effective Privacy Program Measurements Report which draws from a wealth of analyst experience, insight and research through advisory and inquiry discussions with more than 50 Chief Information Security Officers. Additionally, end users, vendors, industry experts (including Verdasys and Varonis Systems) contributed to the report which was composed by the Security & Risk Professionals team at Forrester, including Ed Ferrara and Andrew Rose (Principal Analysts), Stephanie Balaouras (Vice President and Research Director) and Kelley Mak (Research Associate).

Forrester talks about how sensitive privacy issues are due to the emotional response that they trigger in consumers.

“Although most people probably can’t easily define it. However, they know they want their personal information to remain private unless they themselves release it, and they feel unnerved, even angry, when they feel a trusted party has breached their privacy. The emotional aspect makes it difficult to evaluate privacy concern: Directly asking about a privacy issue may result in an emotional and biased response.”

It is noted that “the emotional aspect of privacy makes both customer and employee privacy a critical issue for business and S&R professionals.” It results in an intense emotional reaction to your customer’s privacy being breached and, it becomes likely that you will lose their trust, confidence, and business. Read more “Forrester Updates Their Report on Effective Privacy Program Measurements”

7 Privacy Tips For Holiday Shoppers

December 03, 2012

Photo Source

With the holiday season just around the corner more consumers than ever will head to their computers, tablets, and smartphones to buy gifts online for friends and family.  A recent PriceGrabber survey found that 16% of US consumers intend to use their mobile devices this holiday season to view coupons, make purchases, and compare online prices with in-store deals.  In the UK, this activity would seem more common as Econsultancy recently reported that 39% of UK consumers say they will use their mobile device to check prices or product details.

In the hunt for the best deal you can take some simple precautions to protect your personal information online. The risk of identity theft, financial fraud, and spam are real, and the repercussions range from the mildly annoying to the downright devastating. A recent TRUSTe survey found that most consumers – 54% in the UK and 60% in the US – are more concerned about their privacy online than they were a year ago, so you’re not alone if you’re concerned.   Taking a few simple steps to protect your privacy and data can make all the difference in preventing these privacy pitfalls.

These seven privacy tips can help ensure that you have a successful and safe online shopping experience this holiday season. Read more “7 Privacy Tips For Holiday Shoppers”

Guest Post: Make Privacy a Strategic Asset for your Startup

June 06, 2012

Rob Banagale
Co-founder + CEO @ Gliph
@jetsetter

Image Credit

Startup accelerators are sprouting up across the globe with more seed-backed companies coming to market than ever before. Every startup is looking for a way to differentiate itself from competitors as it looks toward its first significant round of funding.

The best founders will recognize the rapidly shifting societal and legislative views toward privacy as both a disruption and an opportunity. While privacy evangelists (and even some mainstream publications) have been beating the privacy drum for some time, many founders nonetheless put it on the backburner, sometimes purposefully and sometimes inadvertently.

By doing this, many founders are failing to take advantage of the strategic asset that privacy can be for their startups. Privacy is one significant way of further differentiating your offering from competitors when pitching potential investors and venture capitalists (VC).

Begin with the Basics
In mobile technology, the word “design” is regularly applied to the visual styling of an application; how closely the app conforms to Apple’s Human Interface Guidelines; or even the overall user experience gained from interacting with the software. But don’t be fooled: the principles of Privacy By Design extend to the technical architecture and business of your startup. With careful application of the principles, you can position your company to reap the benefits of a new source of value creation. It starts with a privacy policy, and no, you don’t necessarily need a lawyer to write one. There are good, free privacy policy generators out there (like the one provided by TRUSTe, see here) that can help you create a mobile-friendly privacy policy.

Pro Tip: Prepare for tough questions about privacy by reading Ann Cavoukian’s 7 Foundational Principles of Privacy by Design and discussing them with your leadership team.

Hire with Privacy In Mind
When I hire an engineer, I begin asking about their feelings on privacy early in the interview process. Emphasizing privacy discussions during interviews has the dual-effect of revealing the prospective employee’s ethics and integrity and projecting to everyone the importance of privacy in the company. I’ve found that by discussing privacy issues with employees, I’m likely to get a better read on how (and if) they will contribute to the development of privacy as an asset for my company.

Pro Tip: Build a stronger team by discussing the concept of privacy while interviewing potential employees. Read more “Guest Post: Make Privacy a Strategic Asset for your Startup”

TRUSTe’s Privacy-by-Design Guidelines

March 02, 2012

Kevin Trilli | TRUSTe
VP Product
@squawkt22

Joanne Furtsch| TRUSTe
Dir. Product Policy
@privacygeek 

Photo Credit

The concept of privacy-by-design was first introduced by the Canadian Privacy Commissioner Ann Cavoukian as early as in 1990s. Since then, the importance of it in business has only increased over time. Almost every week, we see companies of all sizes in the news because of some privacy issue.  this often times creates brand and reputational damage for these companieseven when the facts are not as alleged.

Assuming most companies are not intentionally doing things wrong, what is happening?  The privacy landscape is changing.  A combination of governmental, media and academic pressure is changing the way privacy is monitored by the community at large.  There are now experts that are proactively looking for violations and using the mainstream media to get their message out quickly in a way to evoke change.  It is no longer the average consumer you need to consider in your risk calculation. Read more “TRUSTe’s Privacy-by-Design Guidelines”

Privacy Advice for Companies Using Social Networking Tools

October 03, 2011

Joanne Furtsch, CIPP, CIPP/C
Policy & Product Architect
@privacygeek

If you’re an online publisher or an ecommerce site you may use a range of social networking tools to enhance your company’s marketing and brand-building efforts.  Social tools likes those offered by Twitter, LinkedIn and Facebook enable people to rapidly share their activity on your site with their friends and they allow users to create a direct digital connection with your brand. However, there has been some concern recently around the potentially negative privacy impacts of these tools. TRUSTe recommends that you carefully consider privacy implications before integrating social networking functionality so you can both harness the power of these tools and build trust with your users. Read more “Privacy Advice for Companies Using Social Networking Tools”