RSA Conference – April 20, 2009

Jules will be participating in the Executive Security Action Forum, held in conjunction with the RSA Conference in San Francisco on April 20, 2009. The Executive Security Action Forum (ESAF) is an association of senior executives who are responsible for protecting information for Global 1000 companies and government. Membership in the Forum includes executives such as Chief Information Security Officers, Chief Privacy Officers, Chief Risk Officers, and Chief Information Officers. ESAF enables these leaders from the private and public sectors to share insights, discuss key issues, and find actionable solutions to today’s information security challenges. Chris will also be speaking at the conference on April 24, 2009. For more information about the RSA Conference please go to: http://www.rsaconference.com/ESAF.aspx

TRUSTe Webinar – March 30, 2009

Jules will be participating in the TRUSTe Webinar on March 26, 2009. The webinar will explore how advertising has supported the Internet’s remarkable growth and seems to represent a viable revenue stream for many sites for the foreseeable future. The Internet offers the potential of perfect targeting – delivering just the right ad to each user. But does targeting the right ad require knowing a lot about individual users? Will privacy concerns prompt policymakers to regulate? How can participants in the online advertising eco-system afford notice and otherwise comply with basic privacy principles?

TRUSTe Webinar: Regulating the Online Behavioral Advertising Eco-System

When: Monday, March 30, 2009 – 11am-12pm PDT/2pm-3pm EDT

Description: How can online behavioral advertising be managed and regulated to benefit both consumers and businesses? Leading online experts discuss why policymakers are now getting involved and how industry can answer the call for effective self-regulation.

Details and sign up below.

http://web.archive.org/web/20090715151449/http://www.truste.org:80/about/events.php?

White House Cookies: Proposed Practices For Government Agencies Seeking to Optimize Web sites while Ensuring Citizen Privacy

In January, the Future of Privacy Forum released a set of priorities for the new administration. Among the issues we raised was the need to update the old Office of Management and Budget policy which severely limits agencies from using permanent cookies to optimize Web sites. No “my.epa.gov” or “my.whitehouse.gov” unless you log in each time, no shopping carts that you can return to the next day, and no useful analytics that can be used to improve the Website structure or content – without significant hurdles such as the approval of the Secretary of the agency (or his designee). We raised some general principles for a new policy, but here try to present further detail. Thoughts on this draft are welcomed. We will provide the final version to the White House Office of Science and Tech Policy for input into their efforts related to the President’s Transparency and Open Government Memorandum.

Additional resources: Articles by Chris Soghoian, the original DoubleClick episode leading to the policy and commentary by Alissa Cooper of CDT.

Please comment or email with your ideas to improve the draft below.

DRAFT

Ensuring that Interactive Tools used by Government Provide Users with Enhanced Transparency and Controls for Data Collection and Retention Analytics, Research or Others Using Cookies, Tracking Pixels or Other Tools

  1. Delete log-files after a defined period of time.
    1. Data retention periods for “non-personal” log-files vary widely across vendors, are not publicly disclosed and are rarely committed to contractually.
  2. Cookies should have limited expiration periods and should not be used to store information unprotected.
  3. IP addresses logged by vendors should be obscured or deleted as soon as possible.
    1. Some vendors can use and then immediately scramble IP addresses as they log them.
  4. The use of the tools and user options should be transparent and prominently explained.
  5. Consider implications of the use of “first party” White House domain for analytics, rather than “third party” domain, to avoid potential for unwanted correlation.
  6. Contractual representations barring use of data for purposes other than services contracted, other than aggregate reporting/
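
An added example (not part of the FPF draft) of how items 1 and 3 could be applied to a web server log: entries past a retention window are dropped and client IP addresses are obscured before anything is kept. The 90-day window, the /24 and /48 truncation widths and the log line format are assumptions; the draft speaks of scrambling addresses, and truncation is used here as one simple way to obscure them.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration; the draft does not specify them.
RETENTION = timedelta(days=90)
V4_PREFIX, V6_PREFIX = 24, 48


def obscure_ip(raw):
    """Zero the host part of an address so it no longer singles out one client."""
    ip = ipaddress.ip_address(raw)  # raises ValueError on malformed input
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)


def scrub_log(lines, now):
    """Return only entries inside RETENTION, each with its IP obscured.

    Assumed line format: '<ISO-8601 timestamp with offset> <client IP> <path>'.
    Lines that fail to parse are dropped rather than kept with a raw IP.
    """
    kept = []
    for line in lines:
        try:
            ts_raw, ip_raw, path = line.split(" ", 2)
            ts = datetime.fromisoformat(ts_raw)
            if ts.tzinfo is None:
                raise ValueError("timestamp without UTC offset")
            ip = obscure_ip(ip_raw)
        except ValueError:
            continue
        if now - ts > RETENTION:
            continue  # item 1: past the defined retention period
        kept.append(f"{ts_raw} {ip} {path}")  # item 3: IP obscured at write time
    return kept


# Constructed sample input (documentation-range addresses, not real traffic).
NOW = datetime(2009, 4, 1, tzinfo=timezone.utc)
SAMPLE = [
    "2009-03-30T12:00:00+00:00 203.0.113.77 /index.html",
    "2009-03-31T08:15:00+00:00 2001:db8:abcd:12::1 /my/settings",
    "2008-11-01T09:00:00+00:00 198.51.100.9 /old-page",
    "garbage line",
]

if __name__ == "__main__":
    print("\n".join(scrub_log(SAMPLE, NOW)))
```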

The Path to Transparency

Saul Hansell of the NY Times does a good job describing Google’s new behavioral advertising features. I would add one more company, WPP’s Safecount, to the list of those showing users their profiles. Safecount is in the research/analytics business, not directly in the behavioral ad business, which is probably why Saul didn’t include them. However, the reality in the industry today is that all the data business models are beginning to converge as data collected on one platform is also available for other uses. Consider for example Revenue Science (now Audience Science), which started out serving individual sites but has now expanded into also acting as a behavioral ad network.

One other point that we like about Safecount is the way their home page is structured to serve both individuals and businesses. Most ad networks or analytics companies have corporate sites geared toward recruiting new business partners, with a small privacy link at the bottom that leads to consumer privacy information. But individuals visiting an ad network home page aren’t looking to buy ads. Individuals visiting these sites are there to learn about how web surfing data is used and perhaps how to opt out. Safecount sets a good example by recognizing the dual audience they serve and sets a great model for transparency by devoting precious home page space to communicating with consumers. Data sites that aren’t ready to go as far as Safecount by splitting their home page between their two audiences might consider at least putting their privacy link in a more visible location at the top of the page.

A more prominent communication about data use is certainly something every Web site ought to be considering, but companies in the data business who want to be more transparent should take particular note. Check out also the prominent “CONSUMER” tab on the Blue Kai home page and the Opt Out link on the TruEffect home page.

IAPP Cheers & Jeers Panel Survey Results

Recently, Chris and Jules hosted a panel discussion at the International Association of Privacy Professionals Privacy Summit 09. The panel, entitled “Cheers & Jeers: Who is Doing Privacy Right and Who Deserves Detention,” featured survey information drawn from a preliminary online survey of privacy professionals. Members of the audience then voted on good and bad practices in which various organizations and corporations are currently engaging. At the end of the session Chris and Jules announced the “cheer” and “jeer” that received the most votes. You can find all of the survey results below.

IAPP Cheers & Jeers Panel Survey Results

Future of Privacy Forum Applauds Google’s Behavioral Advertising Announcement

FPF Co-Chairman and Director Jules Polonetsky today issued the following statement in reaction to Google’s announcement that it would begin to give users the ability to see and edit the information that it has compiled about their interests for the purposes of behavioral targeting, and provide users with the choice to opt out from interest-based advertising.

“Google’s new privacy and advertising measures are a good step forward to give users more transparency and control. With this step by Google, in addition to recent steps by companies like eBay, Yahoo! and BlueKai, we are finally seeing some real privacy progress in the area of behavioral advertising. The next step is for advertisers, agencies, and publishers to join in the efforts to provide innovative ways to give consumers greater control over the use of their information.”

International Association of Privacy Professionals Privacy Summit 09 – March 11 – 13, 2009

International Association of Privacy Professionals Privacy Summit 09

March 11-13, 2009

Washington, DC

http://www.privacysummit.org/

The Future of Privacy Forum is a proud sponsor of the IAPP Privacy Summit 09 and you can find us at the following breakout sessions this week:

Invest in privacy professionals to reclaim trust

By Trevor Hughes, executive director, International Association of Privacy Professionals

The enormous international focus on privacy is growing more urgent in the face of business and government pressure to get the economy moving again and restore trust in our most basic institutions. To help rebuild trust and bolster bottom lines in a down market, it pays to prioritize privacy. The time is right to make smart investments in an organization’s privacy professionals – the experts in the eye of the storm that must work collectively to find the right solutions to privacy challenges.

The IAPP, which now boasts 6,000 members across 47 countries, is convening its annual Privacy Summit in Washington DC from March 11-13, 2009 – the largest and most global privacy event in the world. Attendees will have the unique opportunity to interact with privacy regulators from Canada, France, Spain, Israel, the UK, Italy, the U.S. and the experts who help shape their policies across 60 different educational and networking sessions. Keynote speakers include Frank Abagnale (of Catch Me if You Can fame), one of the world’s most respected authorities on forgery, embezzlement and secure documents as well as internationally renowned security technologist Bruce Schneier.

The Future of Privacy Forum will be strongly represented at this year’s Summit. Jules Polonetsky and Chris Wolf will be co-presenting a session entitled Cheers & Jeers: Who is Doing Privacy Right and Who Deserves Detention. Jules and Chris will also cover Behavioral Advertising Secrets: What Your Marketing and IT Team Didn’t Think You Needed to Know. Both topics should be big draws for the expected 1500 attendees at the Summit!

It’s this sort of event that advances our profession and helps privacy professionals work together to reclaim trust. Registration is open and we look forward to seeing you in DC.

Persistent Opt-Out Cookies

Future of Privacy Forum Applauds Yahoo for Enhancing Consumer Control of Cookies

FPF Co-Chairman and Director Jules Polonetsky today issued the following statement in reaction to Yahoo’s announcement that it would refresh the opt-out preferences of users across different computers and browsers, and re-set a new opt-out cookie if a user inadvertently deleted their opt-out cookie, for users who are signed in to Yahoo.

“Yahoo has emerged as one of the clear privacy leaders in the online advertising industry by continuing to innovate in improving user controls for behavioral advertising. The instability of the opt-out cookie is the Achilles heel of the behavioral advertising model and steps like this help ensure that users’ choices are more widely respected.”

“It is a credit to Yahoo that they are doing what they can, but the full solution will require the browser companies allowing sites to set a flag that consumers can use to more reliably record their privacy choices. Until users who express a choice can be assured that their preference will be respected, the behavioral advertising model will be at risk.”

Christopher Wolf's Presentation to the Canada Council of Chief Privacy Officers

Presentation to the Canada Council of Chief Privacy Officers 
