Chapell & Associates

Monday, April 30, 2007

Data Bill of Rights

Last week John Battelle posted his latest version of his data bill of rights:

So, I submit for your review, editing and clarification, a new draft of
what rights we, as consumers, might demand from companies making hay off the
data we create as we trip across the web:

- Data Transparency. We can identify and review the data that companies
have about us. A sticky issue is whether we can also identify and review data
that is made about us based on other data the company might have. (IE, based on
your behavior, we at Amazon know you might also like....)

- Data Portability. We can take copies of that data out of the company's coffers and offer it to others or just keep copies for ourselves.

- Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.

- Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.

- Data Use. We have rights to know how our data is being used inside a company.

- Data Value. The right to sell our data to the highest bidder.

- Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.

My first thought here is -- "Egad, how in the world does anyone harmonize this set of principles into their own business practices?" But leaving that aside for now, here are some thoughts.

First, I would add something about security. As the data owner, you have a right to expect that companies that have your data will properly safeguard it.

The concept of the consumer owning their own data is much more of a EU concept than a US one. Speaking of international, how does this concept play in Spain? In China?

Does this bill of rights (if implemented) kill the data broker business? If I allow a data broker to have my data, can I then limit their ability to transfer that data to only the third parties that I specify? If yes, that would seem to require an extremely complex permissioning system. (Oops, I'm back to talking about operational issues...)

And while I understand that under this bill of rights gives the consumer tremendous choice in theory, I wonder what happens when applied to real life. For example, I as a consumer would have a right to allow only one of the credit reporting agencies to have a file on me. But in order to get a mortgate recently I needed to provide the bank with my score from all three credit agencies. I suppose I could have asked the bank to use only one report, say from Equifax (they gave me the highest score.) However, by doing so, the bank is going to feel less comfortable about loaning me money. And when banks feel less secure, the APR goes up. So while in theory, I could use only one credit agency, doing so would cost me thousands of dollars on my mortgage. I'm in the privacy business and I'm not willing to make that trade off. Are you?

More on this later....
posted by Alan on Monday, April 30, 2007 | |

Eight Privacy Firms to Watch

Sorry for the delay between posts. Lot's going on these days. Anyway, here's an article penned by my colleague Jay Cline of Minnesota Privacy Consultants. Jay recently moderated a panel I was on for the IAPP's March Summitt. We were talking about privacy as a career path. I've always wondered why we don't see more privacy forge out on their own....

Also, here's the orignal Q/A for the article. As you can see, there were a good deal of edits.

What prompted you to start your own firm?
I recognized that there was a significant need for online, mobile and other interactive technology companies to improve the transparency of their practices, and demonstrate their adherence to best practice standards. Generally, companies want to do the right thing, but they oftentimes lack the operational acumen or subject matter expertise required to be in compliance. Chapell & Associates can and does act as a resource for those companies seeking to do the right thing.

What's different or unique about your firm?
One thing that really sets Chapell & Associates apart is our ability to ingratiate ourselves into the client’s organization. We’re able to build trust within multiple levels of an organization, and that level of trust fosters the necessary communication to fully understand our clients’ business. Moreover, it provides us with the necessary political capital to effect change as necessary.

What kind of engagements are your strength?
I think Chapell & Associates fares very well in the interactive and technology arenas. We come from that space, so we understand the culture, the pain points and the issues which are specific to those industries. Having said that, over the past year or so, we’ve received a good deal of positive interest from some more traditional companies as well.

What was the biggest surprise or lesson learned you had in running your own business in this space?
One thing I learned very early on in this business is that we need to have a high activity level in order to meet our goals. I speak with dozens of people who are starting up their own consulting businesses. Too often in startup situations, there’s an over-reliance upon your existing level of contacts – perhaps from your pre-consulting days. I recognize that there’s a certain comfort level in speaking with people that you already know. But in my experience, a pool of existing contacts will only take you so far. In fact, my business didn’t start to take off until I had spent months reaching out to literally hundreds of others in the privacy, marketing and technology fields. And even though many of the folks I’ve reached out to have not turned out to be clients, I’ve found those relationships to be invaluable to my business. So, my advice to anyone who is starting out in ANY consulting business – is reach out to the market makers. Figure out a way to insert yourself into the conversations that are positively impacting your industry. Once you fully understand the major players in a business ecosystem, and once you understand the pain points of that ecosystem, you’ll be in a great position to help address those pain points.

Where do you think the market is going in the next 2 years?
I believe in that the next few years will bring some form of comprehensive data privacy legislation at the Federal level. This will significantly change the privacy consulting landscape as we know it. On one hand, it will probably make this business a bit less dynamic. On the other hand, such a law will significantly increase the need for expertise in privacy.

Any other questions you'd like to pose and answer?
Thanks for the opportunity, Jay!
posted by Alan on Monday, April 30, 2007 | |

© 2005 by Alan Chapell & Associates LLC