I attended a breakout panel on how the idea and usage of personal data are changing. It was moderated by Alan Marcus of the World Economic Forum (nice socks!), and included Richard Archdeacon of HP, Rob Walker from Pega and Matt Mobley from Merkel.
The focus is on customer data as it is maintained in an organization’s systems, and the regulations that now drive how that data is managed. The talk was organized around three key themes that are emerging from the global dialog: strengthening trust and accountability; understanding usage-based, individual-centric frameworks; and engaging the individual. Thoughts from the panel:
- Once you have someone’s data, you remain responsible for it even as you pass it to other parties
- Customer data management is now regulation-driven
- It’s not enough to restrict values in a customer data set; it’s now possible to derive hidden values (such as gender or race) from other values, which can result in illegal targeting. How much effort should be put into anonymizing data when it can be easily deanonymized?
- Organizations need to inform customers of what data they have about them, and how it is being used
- Consumers want the convenience offered by giving up their data more than they fear misuse of the data
- The true currency of identity for organizations is an email address and one other piece of data, which can then be matched to a vast amount of data from other sources
- The biggest consumer fear is data privacy violation from a security breach (about which there is a high level of hysteria), but possibly they should be more afraid of how the companies that they willingly give the data to are going to use it
- Personal data includes data that you create, data that others create about you, and data that is inferred based on your activities
- Many people maintain multiple identities on social media sites, curated differently for professional and personal audiences
- Personal health data, including genetic data, has an additional set of concerns since it can impact individual healthcare options
- Unresolved question of when personal data is no longer personal data, e.g., after a certain amount of aggregation and analysis occurs
- Issues of consent (by customers to use their data) are becoming more prominent, and using data without consent will be counter to the regulations in most jurisdictions
- Many smaller businesses will find it difficult to meet security compliance regulations; this may drive them to use cloud services where the provider assumes some degree of security responsibility
Food for thought. A lot of unresolved issues in personal data privacy and management.