At the StampedeCon 2013 Big Data conference in St. Louis, Anthony Martin, Chief Privacy and Information Security Counsel at Walmart, presented Big Data and Big Law at Walmart. This is the story of one global, multichannel company’s walk through the increasingly complicated Legal, Compliance, Security maze while trying to recognize the implicit value of Big Data programs.
11. Big
Data
eCommerce
Supply
Chain
POS
Real
Estate
Disaster
Recovery
Legal
HR
Social
12. These
databases
will
grow
to
connect
every
individual
to
at
least
one
closely
guarded
secret.
…
And
these
companies
are
combining
their
data
stores,
which
will
give
rise
to
a
single,
massive
database.
I
call
this
the
Database
of
Ruin.
-‐Paul
Ohm
13. Costs
of
Incidents
Source:
Privacy
Rights
Clearinghouse,
“Chronology
of
Data
Breaches,”
*Does
NOT
include
goodwill
14.
15.
16. Third
Party
Sources
• Credit
• Insurance
Consumer
Reports/
FCRA
Card
Brand
Rules
• Payment
card
data
State
Law
Health
Care/
HIPAA
• Pharmacy
data
• Op+cal
data
• MoneyCenter
partners
Financial
Services
• State
health
privacy
laws
• Money
orders
• Check
cashing
• Banking
• Reloadable
cards
• See
all
overlapping
circles
(e.g.,
health,
financial,
electronic
communica+ons,
video,
marke+ng,
etc.)
• PII
generally
(biometric,
SSN,
fin.
acct
#,
gov’t
ID
#,
etc.)
• Loca+on
tracking
• State
financial
privacy
laws
(CA/VT,
GLB)
Electronic
Communica<ons/
ECPA
• Email
content
• Info
from
filter/
firewall
• URLs?
• State
anL-‐
wiretap
laws
• Experian?
• GE?
Walmart’s
/Sam’s
U.S.
Privacy
Policies
• All
consumer
personal
info
(collected
in-‐store
or
online
(includes
mobile
apps)
Other
Sources:
• Federal
Guidelines
o FTC
o DOC
o White
House
o FIPs
• Associa+on
Guidelines
o DMA
o MMA
o NAI
o IAB
o Etc.
Children
• Info
collected
online
from
kids
<
13
Interna<onal
• Essen+ally
any
informa+on
about
an
individual
• Audio/visual
purchase/
rental/viewing
Video/
VPPA
• State
video
privacy
laws
• Email
• Text/MSCM
• Postal
• Fax
Marke<ng
• State
DNC,
etc.
Other
• ???
• Info
via
Walmart
U.S.
websites
and
mobile
apps
Walmart’s
Interna<onal
Privacy
Policies
• Consumer
info
• Social
media
sites
• Business
Partners
• Info
&
AnalyLcs
Firms
22. NOTICE
Transparency.
Individual
Par+cipa+on.
Purpose
Specifica+on.
Use
Limita+on.
Data
Minimiza+on.
23. NOTICE
Transparency.
Individual
Par+cipa+on.
Purpose
Specifica+on.
Use
Limita+on.
Data
Minimiza+on.
24. COLLECT
• Right
to
collect?
• Privacy
STORE
• PAT
Safeguards
• Security
USE
or
SHARE
• Right
to
use
or
share?
• Privacy
Use
of
Data
Limited
to
Specific
Purpose
40. COLLECT
• Right
to
collect?
• Privacy
STORE
• PAT
Safeguards
• Security
USE
or
SHARE
• Right
to
use
or
share?
• Privacy
When
you
share,
you
keep
responsibility