Difference between revisions of "Data privacy for organizations"

From DevSummit
(Created page with "Data privacy *Themes from intros: Improving privacy unintended bad results Technology challenges, beyond CRM or website Security of data for community orgs Anonymizing tracki...")
 
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Data privacy
+
==Themes from intros:==
 +
* Improving privacy unintended bad results
 +
* Technology challenges, beyond CRM or website
 +
* Security of data for community orgs
 +
* Anonymizing tracking information
  
*Themes from intros:
+
==Ideas/guiding questions:==
Improving privacy unintended bad results
+
How we can do both?  Be respectful of people’s data & do business in a viable way
Technology challenges, beyond CRM or website
+
What conversations must we have in order to do this well? 
Security of data for community orgs
 
Anonymizing tracking information
 
  
*Ideas/guiding questions:
+
==Basic needs of data privacy, user agreements==
How we can do both?  Be respetuful of people’s data & do business in a viable way
+
Individual privacy – only protected type of privacy – but creates “small harms to large groups,”  (e.g. differential privacy = de-identifying data.  Can’t use race or gender for certain types of analysis (e.g. health). 
What conversations must we have in order to do this well?
+
 
 +
How can we do analytics on data in safe way?)
  
*Basic needs of data privacy, user agreements,
 
Individual privacy – only protected type of privacy – but creates “small harms to large groups,”  (e.g. differential privacy = de-identifying data.  Can’t use race or gender for certain types of analysis (e.g. health).  How can we do analytics on data in safe way?)
 
 
Some of these things already happen…
 
Some of these things already happen…
 +
 
Advertiser cannot target “African Americans,” but they might target a particular neighborhood, income bracket, etc.   
 
Advertiser cannot target “African Americans,” but they might target a particular neighborhood, income bracket, etc.   
 
“I can look at a population and determine a connection between smoking and cancer, without knowing whether any particular individual smokes or has cancer.”
 
“I can look at a population and determine a connection between smoking and cancer, without knowing whether any particular individual smokes or has cancer.”
 +
 
EU law forbids storage and collection of information with personal identifyers – potential starting point for discussion
 
EU law forbids storage and collection of information with personal identifyers – potential starting point for discussion
 +
 
How does anonymity effect equity?   
 
How does anonymity effect equity?   
 +
 
Aggregation is one way to de-personalize data
 
Aggregation is one way to de-personalize data
 +
 
Relational database
 
Relational database
  
*What do we want to do with data?  What are threats to storing data?
+
==What do we want to do with data?  What are threats to storing data?==
  
1. can sell them
+
# can sell them
2. can be solen
+
# can be stolen
3. company can use data in malicious ways
+
# company can use data in malicious ways
  
*Data minimization  
+
==Data minimization==
 
open-whisper systems : app developer, were asked by federal govt for IP addresses, but they did not have that info on their server.
 
open-whisper systems : app developer, were asked by federal govt for IP addresses, but they did not have that info on their server.
 +
 
Data travels – has a journey – need to consider threats at different moments in that journey.  When doing a survey, sharing data, etc.   
 
Data travels – has a journey – need to consider threats at different moments in that journey.  When doing a survey, sharing data, etc.   
  
*Storing data in encrypted form, encryption key stores separately,  data is only un-encrypted when its going to be used.   
+
==Storing data in encrypted form, encryption key stores separately,  data is only un-encrypted when its going to be used.==  
 
In EU, many companies having these conversations – impact assessments, data flow tools,  
 
In EU, many companies having these conversations – impact assessments, data flow tools,  
 
We should all be analyzing our use of data, privacy threats, etc.  
 
We should all be analyzing our use of data, privacy threats, etc.  
Privacy badger – EFF browser anynomization tool
+
 
Will be intereting to see how corporations will conform to new regulations
+
Privacy badger – EFF browser anynomization tool
 +
 
 +
Will be interesting to see how corporations will conform to new regulations
 +
 
 
Non-profits have cause for concern in protecting the privacy of their data, especially if they work with vulnerable populations
 
Non-profits have cause for concern in protecting the privacy of their data, especially if they work with vulnerable populations
 +
 
Can we use this event to have new discussions about the ethics of data privacy, there are some large companies that all of a sudden have interest and resources.
 
Can we use this event to have new discussions about the ethics of data privacy, there are some large companies that all of a sudden have interest and resources.
 +
 
Development of new tools that are being used by companies – some are crap, but there are some good tools also.
 
Development of new tools that are being used by companies – some are crap, but there are some good tools also.
Non-profits can use these tools as well, should also assess threats,
+
Non-profits can use these tools as well, should also assess threats
 +
 
 
Data brokers – share data amongst companies  
 
Data brokers – share data amongst companies  
  
*Analytics
+
==Analytics==
 
Website developers offer it, don’t want to use Google Analytics, but there are few other options
 
Website developers offer it, don’t want to use Google Analytics, but there are few other options
 +
 
Many forces are pushing nonprofits to risky practices (such as Google)
 
Many forces are pushing nonprofits to risky practices (such as Google)
 +
 
Some might that storing data without a clear agreement should be illegal…at least start the conversation here
 
Some might that storing data without a clear agreement should be illegal…at least start the conversation here
 
Foundations and funders should also understand how they might be compromising the communities they are wanting to support – pushing for greater data gathering, analystics, etc.  
 
Foundations and funders should also understand how they might be compromising the communities they are wanting to support – pushing for greater data gathering, analystics, etc.  
  
*Sharing best practices by nonprofits:  e.g. Archive the Internet, bay area nonprofit, anonymizes their data, lots of it
+
==Sharing best practices by nonprofits:  e.g. Archive the Internet, bay area nonprofit, anonymizes their data, lots of it==
 +
 
 
Not every nonprofit can hire someone with a professional understanding of data, but there should be a list of best practices, including risk assessments, etc.   
 
Not every nonprofit can hire someone with a professional understanding of data, but there should be a list of best practices, including risk assessments, etc.   
Do we trust large companies who are making promises about data privacy
+
 
 +
Do we trust large companies who are making promises about data privacy?
 +
 
 
MailChimp, for example, have expressed that they will voluntarily comply with GDPR (General Data Protection Regulation), but will small organizations be able to legally challenge if they don’t??
 
MailChimp, for example, have expressed that they will voluntarily comply with GDPR (General Data Protection Regulation), but will small organizations be able to legally challenge if they don’t??
 +
 
What do we do to remain functional as nonprofits?
 
What do we do to remain functional as nonprofits?
 +
 
In EU there are email providers that are showing up as viable alternatives
 
In EU there are email providers that are showing up as viable alternatives
  
*List of basic resources for data privacy
+
==List of basic resources for data privacy==
Data Ethics – nonprofit that consults around ethical data storage
+
* Data Ethics – nonprofit that consults around ethical data storage
EFF – “Who Has Your Back” Report: 5 questions for service providers that rate their stance on data privacy.  Also Report on Data anonymization
+
* EFF – “Who Has Your Back” Report: 5 questions for service providers that rate their stance on data privacy.  Also * Report on Data anonymization
Privacy Badger
+
* Privacy Badger
“Road map” webinars and toolkits for nonprofits and grassroots groups, how to create threat assessment, etc.  
+
* “Road map” webinars and toolkits for nonprofits and grassroots groups, how to create threat assessment, etc.  
Data Ethics canvas (similar to business model canvass) tool for thinking about what data you have, how you store it, what is the data’s life cycle, etc.  Creative Commons licensed.  
+
* Data Ethics canvas (similar to business model canvass) tool for thinking about what data you have, how you store it, what is the data’s life cycle, etc.  Creative Commons licensed.  
Connecting more nonprofits to resources like Capital One?   
+
* Connecting more nonprofits to resources like Capital One?   
Tactical Tech (Europe), Engine Room, consultants that will help non profits with issues of data, analytics, etc.   
+
* Tactical Tech (Europe), Engine Room, consultants that will help non profits with issues of data, analytics, etc.   
Digital Society Lab, Stanford, help for organizations that want to set up ethical data usage.  E.g. use agreement templates, etc.  [https://Digitalimpact.io]
+
* Digital Society Lab, Stanford, help for organizations that want to set up ethical data usage.  E.g. use agreement templates, etc.  [https://Digitalimpact.io https://Digitalimpact.io]
British govt has survey on data usage that provides recommendations
+
* British govt has survey on data usage that provides recommendations
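Review bot: the new EFF item in the resources list reads "Also * Report on Data anonymization", so the asterisk sits mid-line and renders as a literal character instead of starting a list item; either drop it or move "Report on Data anonymization" to its own "* " line. In the same revision, the note "Storing data in encrypted form, encryption key stores separately,  data is only un-encrypted when its going to be used." was promoted to a "==...==" heading with "stores" and "its" carried over unchanged; it reads as body text under "Data minimization" rather than a section title, and the wording should be corrected to "stored" and "it's" either way.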

Latest revision as of 23:09, 28 November 2017

Themes from intros:

  • Improving privacy unintended bad results
  • Technology challenges, beyond CRM or website
  • Security of data for community orgs
  • Anonymizing tracking information

Ideas/guiding questions:

How can we do both: be respectful of people’s data and do business in a viable way?

What conversations must we have in order to do this well?

Basic needs of data privacy, user agreements

Individual privacy is the only protected type of privacy, but that creates “small harms to large groups” (e.g. differential privacy = de-identifying data; can’t use race or gender for certain types of analysis, e.g. health).

How can we do analytics on data in a safe way?

Some of these things already happen…

Advertiser cannot target “African Americans,” but they might target a particular neighborhood, income bracket, etc.

“I can look at a population and determine a connection between smoking and cancer, without knowing whether any particular individual smokes or has cancer.”

EU law forbids storage and collection of information with personal identifiers – potential starting point for discussion

How does anonymity affect equity?

Aggregation is one way to de-personalize data

Relational database

What do we want to do with data? What are threats to storing data?

  1. can sell them
  2. can be stolen
  3. company can use data in malicious ways

Data minimization

Open Whisper Systems: app developer, was asked by the federal govt for IP addresses, but they did not have that info on their server.

Data travels – has a journey – need to consider threats at different moments in that journey. When doing a survey, sharing data, etc.

Storing data in encrypted form, with the encryption key stored separately; data is only decrypted when it’s going to be used.

In the EU, many companies are having these conversations – impact assessments, data flow tools.

We should all be analyzing our use of data, privacy threats, etc.

Privacy Badger – EFF browser anonymization tool

Will be interesting to see how corporations will conform to new regulations

Non-profits have cause for concern in protecting the privacy of their data, especially if they work with vulnerable populations

Can we use this event to have new discussions about the ethics of data privacy? There are some large companies that all of a sudden have interest and resources.

Development of new tools that are being used by companies – some are crap, but there are some good tools also.

Non-profits can use these tools as well, and should also assess threats.

Data brokers – share data amongst companies

Analytics

Website developers offer it, don’t want to use Google Analytics, but there are few other options

Many forces are pushing nonprofits to risky practices (such as Google)

Some might say that storing data without a clear agreement should be illegal… at least start the conversation here.

Foundations and funders should also understand how they might be compromising the communities they want to support by pushing for greater data gathering, analytics, etc.

Sharing best practices by nonprofits: e.g. Archive the Internet, bay area nonprofit, anonymizes their data, lots of it

Not every nonprofit can hire someone with a professional understanding of data, but there should be a list of best practices, including risk assessments, etc.

Do we trust large companies who are making promises about data privacy?

MailChimp, for example, has expressed that it will voluntarily comply with GDPR (General Data Protection Regulation), but will small organizations be able to legally challenge them if they don’t?

What do we do to remain functional as nonprofits?

In EU there are email providers that are showing up as viable alternatives

List of basic resources for data privacy

  • Data Ethics – nonprofit that consults around ethical data storage
  • EFF – “Who Has Your Back” Report: 5 questions for service providers that rate their stance on data privacy. Also a report on data anonymization.
  • Privacy Badger
  • “Road map” webinars and toolkits for nonprofits and grassroots groups, how to create threat assessment, etc.
  • Data Ethics canvas (similar to business model canvas): tool for thinking about what data you have, how you store it, what the data’s life cycle is, etc. Creative Commons licensed.
  • Connecting more nonprofits to resources like Capital One?
  • Tactical Tech (Europe), Engine Room: consultants that will help nonprofits with issues of data, analytics, etc.
  • Digital Society Lab, Stanford, help for organizations that want to set up ethical data usage. E.g. use agreement templates, etc. https://Digitalimpact.io
  • British govt has survey on data usage that provides recommendations