This document summarizes a panel discussion on enterprise tag management and website privacy and compliance. The panelists were Kevin Trilli, VP of Products at TRUSTe, and Craig Spiezle, Executive Director and President of the Online Trust Alliance. They discussed why privacy is important for businesses, trends in data breaches, how consumers take actions to protect their privacy, and challenges around mobile privacy, targeted advertising, and complying with regulations.
4. Privacy - Why Care?
Data driven economy – “Big Data”
Blurring of on & off-line data
Evolving definitions of PII
Consumer shift to mobile devices
Reliance on service providers & cloud services.
Increased sophistication of the cyber-criminal
– Competitors
#agility2013
5. Privacy impacts your customers
94% of Consumers Worry About Their Privacy Online
6%
A really important issue
that I think about often
39% A somewhat important
issue that I think about
55% sometimes
Not much of an issue / I
hardly ever think about it
#agility2013
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
7. Data privacy breakdowns hurt your business
2011 2011 2012
Google settles FTC charges over OnStar forced to reverse Delta sued by CA AG
“Google Buzz” privacy issues; location tracking policy for insufficient privacy
company gets 20-year oversight 2011 2011 following privacy outcry policy disclosures
period Netflix faces multiple Acquisition of Borders delayed
privacy lawsuits over its due to questions over privacy
data storage practices. rights of 46M email subscribers
2011
Playdom fined $3 million for violating 2011
children’s online privacy nebuAd settles $2.4
million privacy lawsuit
over behavioral targeting
practices
2011
Apple and Google weather “location 2011
gate” privacy scandal over their Broken Thumbs Apps settles FTC
mobile devices. Apple changes charges that it violated children’s
collection practices in response. privacy law – company is fined 2012
and forced to destroy the data Path social
network app
accessing address
books without
#agility2013 permission
8. OTA 2012 Data Breach Highlights
1478 breaches (Open Security Foundation)
– 26% due to internal losses
– 43% targeting non business entities
62.7 million records exposed (OTA)
97% avoidable (Symantec)
– 94% server exploits
– $194 cost per record
– $5.5 million average cost of each breach
$8.1 billion impact to U.S. businesses
(See pages 4-6)
#agility2013
9. Consumers Take Actions to Protect
Themselves
Frequency of Taking Precautions with Personal Information*
Refuse to allow companies to share my 67%
information with a 3rd party 76%
Manage my privacy choices by opting out of Online 27%
Behavioral Advertising 50%
Check for certification or seal that indicates privacy 41% 2011
approval by an outside organization 49%
2012
Check to make sure the website has a privacy 40%
statement 46%
39%
Read the privacy statement (if provided)
40%
N/A
Google the site and review their online ratings
28%
N/A
* Percentage
Ask friends if they think I should trust the site of respondents
21%
who answered:
“most of the
#agility2013 time” / “often”
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
11. Topic: Ad Privacy – Advertiser/Publisher
Why don’t you (your clients) utilize more targeted
advertising today?
a) ROI concerns
b) Implementation concerns
c) Privacy concerns
d) Not an issue – over 50% of ads already utilize targeting
e) Not sure
#agility2013
12. Consumers Reward Good Privacy Practices
with More Business
Agreement With Statements Related
To Online Advertising – option to opt out
5% 61%
I would be inclined to do more business with an
advertiser or publisher who gives me the option to 27% 40% 21%
opt-out of Online Behavioral Advertising
7%
Strongly Disagree Somewhat Disagree Neither Agree Nor Disagree Somewhat Agree Strongly Agree
#agility2013
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
16. Consumers Take a Variety of Steps to Protect Their
Personal Information With Apps
Steps to Determine Mobile App Privacy Trust
I research the app online 38%
I check to see if the app has a privacy
34%
policy
I read the privacy policy (if provided) 30%
I check to see if the app has a third
21%
party trustmark/seal
I ask friends 19%
I trust all apps 15%
#agility2013
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
17. Get a mobile privacy strategy
Questions to ask:
Do you have a privacy policy for
your mobile app/website?
Do you offer opt-out mechanisms
for mobile tracking?
What data are 3rd Party SDK’s
actually collecting & using?
Do you ask consumers for
permission before using their
mobile location data for marketing
purposes?
#agility2013
18. Topic: Kids
The Children’s Online Privacy
Protection Act (COPPA)
The law requires companies who
market to children (under 13) to:
Provide notice of what information
they collect
Obtain verifiable parental consent
before collecting or using
children’s data
Provide parental access to
information they’ve collected
about their child
Don’t forget about new forms of
PII (IP Addresses, Persistent IDs
etc)
#agility2013
19. EU Cookie Directive – consumers expect…
Expect companies to comply with the EU cookie directive
76% 82%
53% 62%
FR NL GB DE
Plan to only visit websites of companies who comply
44% 49%
33% 37%
GB NL FR DE
#agility2013
Source: TRUSTe & Harris Interactive 2012 Consumer Privacy Survey (www.truste.com/resources)
20. Discussion – Q&A
Kevin Trilli
VP Product
Truste
www.truste.com
Craig Spiezle
Chairman and President
Online Trust Association
www.otalliance.org
descahill@ensighten.com
#agility2013
21. Where are we today?
Breaches are a daily occurrence, but the lack of
planning is unacceptable.
W3C DNT polarization
Wild West of data collection
Power of Cloud, Mobile & “Big Data”
Privacy & surveillance concerns increasing
Codes of Conduct
International Pressures (EU, Article 29)
#agility2013