Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access."— Presentation transcript:

1 Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access Group Toronto, Ontario March 3, 2005

2 Impetus for Change Growth of Privacy as a Global Issue EU Directive on Data Protection Increasing amounts of personal data collected, consolidated, aggregated Consumer Backlash; heightened consumer expectations

3 The New Debate: Privacy After 9/11 It’s business as usual: –Clear distinction between public safety and business issues – make no mistake –No reduction in consumer expectations –Increased value of trusted relationships

4 Consumer Attitudes Business is not a beneficiary of the post-9/11 “Trust Mood” Increased trust in government has not been paralleled by increased trust in business handling of personal information Privacy On and Off the Internet: What Consumers Want Harris Interactive, November 2001 Dr. Alan Westin

5 Information Privacy Defined Information Privacy: Data Protection –Freedom of choice; control; informational self-determination –Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

6 What Privacy is Not Security  Privacy

7 The Foundation of Information Security The control of information on the part of data holders or their surrogates Functions: –Authentication –Authorization –Confidentiality –Data Integrity –Non-repudiation –Availability

8 The Privacy/Security Relationship Privacy relates to personal control over one’s personal information Security relates to organizational control over information These represent two overlapping, but distinct activities

9 Risk Management Security Risk Management –Owner of the data is assumed to be trusted –System design is trusted Privacy Risk Management –Custodian of data not considered trusted –System design not to be trusted - Eg. CAPPS II

10 Authentication Data Integrity Confidentiality Non-repudiation  Privacy; Data Protection  Fair Information Practices Privacy and Security: The Difference Security: Organizational control of information through information systems

11 Summary of Fair Information Practices Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance

12 The Bottom Line Privacy should be viewed as a business strategy, not a compliance issue

13 The Promise  Electronic Commerce projected to reach $220 billion by 2001 WTO, 1998  Electronic Commerce projected to reach $133 billion by 2004 Wharton Forum on E-Commerce, 1999 Estimates revised downward to reflect lower expectations

14 The Reality of E-Commerce United States: e-commerce sales were only 1.6% of total sales -- $54.9 billion in 2003 U.S. Dept. of Commerce, Census Bureau, February 2004 Canada: Online sales were only 0.8% of total revenues -- $18.6 billion in 2003 Statistics Canada, April 2004

15 Lack of Privacy = Lack of Sales “Consumer privacy apprehensions continue to plague the Web. These fears will hold back roughly $15 billion in e-commerce revenue.” Forrester Research, September 2001 “Privacy and security concerns could cost online sellers almost $25 billion by 2006.” Jupiter Research, May 2002

16 The Business Case “Our research shows that 80% of our customers would walk away if we mishandled their personal information.” CPO, Royal Bank of Canada, 2003 Nearly 90% of online consumers want the right to control how their personal information is used after it is collected.

17 ISF Highlights Damage done by Privacy Breaches The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation: –25% of companies surveyed experienced some adverse publicity due to privacy –1 in 10 had experienced civil litigation, lost business or broken contracts –Robust privacy policies and staff training were viewed as keys to avoiding privacy problems The Information Security Forum, July 7, 2004

18 It’s all about Trust “Trust is more important than ever online … Price does not rule the Web … Trust does.” Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting Relationships

19 The High Road “When customers DO trust an online vendor, they are much more likely to share personal information. This information then enables the company to form a more intimate relationship with its customers.” Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting Relationships

20 Translating Privacy Requirements into Technology

21 Technology and Privacy “The most effective means to counter technology’s erosion of privacy is technology itself.” Alan Greenspan, Federal Reserve Chairman

22

23 Hot Topics CIBC Privacy Breach Government of Ontario Privacy Breach Identity Theft

24 CIBC Privacy Breach West Virginia scrap yard operator alleges that since 2001, his telephone system has been deluged with confidential CIBC customer data (e.g. SSN, account no., client signature) Toll-free number was one digit different from an internal bank fax number Filed a lawsuit against CIBC claiming his business was ruined CIBC filed a court action accusing him of deliberately leaking customer data

25 CIBC Privacy Breach (cont’d) Bank acknowledges reports of the misdirected faxes dating back to February 2002 An e-mail message was sent to staff to check their fax machines The matter was not otherwise investigated or escalated to senior levels CIBC issued a formal apology and took remedial action (e.g. notification of individuals; fax number taken out of service) Federal Privacy Commissioner investigating

26 Privacy Breach: Government of Ontario Dec 16, 2004, IPC tabled Special Report to the Legislative Assembly of Ontario on the Disclosure of Personal Information by the Shared Services Bureau, Management Board Secretariat, and the Ministry of Finance 27,258 cheques, mailed under the Ontario Child Care Supplement Program, included the personal information of another recipient Government has committed to implementing all recommendations made by IPC

27 Recommendations Independent end-to-end audit of all functions, operations and privacy practices of the Shared Services Bureau Discontinue use of the SIN number and create a purpose-specific unique identifier Trial run printing of several sample cheques and manual examination, before each monthly printing of cheques and stubs

28 Identity Theft Identity theft occurs when someone uses your personal information such as your name, Social Insurance Number or credit card number without your permission to commit fraud or other crimes In 2003, more than 13,000 Canadians reported to Phonebusters that they were victims of identity theft but the actual, unreported numbers are probably much higher The Canadian Council of Better Business Bureaus estimates that identity theft costs the Canadian economy about $2.5 billion annually

29 Consumer Education Businesses must continue to educate consumers about identity theft A study released by the Ponemon Institute in November 2004 found that: –70% of consumers are willing to share their personal information or give the answer to a security question in response to an unsolicited phone call or email –61% don’t want to be forced to change their passwords to access their accounts –57% don’t want their accounts locked down after three failed attempts

30 Online Identity Theft: “Phishing” “Spoofed” emails or pop-up messages are used to lure consumers to fraudulent Web sites which mimic actual banks or credit card companies and attempt to trick them into divulging personal information such as their names, account numbers and passwords In November 2004, more than 1,500 fraudulent Web sites were reported to the Anti-Phishing Working Group From July to November 2004, there was a 28% average monthly growth rate in such Web sites

31 “Phishing” in Canada Phishers are targeting Canadian financial institutions and consumers but most Canadians are unfamiliar with “phishing” A survey released by Visa in November 2004 found that: –Only 16% of Canadians with a personal email account and Internet access were familiar with the term “phishing” –Nearly 60% admitted that they would likely provide personal information if requested through an email from their bank or credit card company –4% reported that they had actually been a victim of phishing

32 The Bottom Line The growth of the digital economy will ultimately be linked to how effective organizations can be in dispelling consumers’ privacy fears Protecting consumer privacy does not mean severing relationships with those customers. On the contrary it will help put customers at ease and will open up a world of valuable information that can only help in a competitive environment.

33 Final Thought “Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.” Forrester Research, March 5, 2001

34 How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca

Download ppt "Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access."

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,
Www.ipc.on.ca National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
Protecting Yourself Against Identity Theft TSCPA Member Name, CPA Firm/Company Name.

Protecting Yourself Against Identity Theft TSCPA Member Name, CPA Firm/Company Name.
National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.

National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Www.ipc.on.ca The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.

The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.
Harvard Privacy Lecture June 3, 2005 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario The Economics of Privacy: Go Beyond Compliance to.

Harvard Privacy Lecture June 3, 2005 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario The Economics of Privacy: Go Beyond Compliance to.
1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler.

1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
Www.ipc.on.ca Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.

Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.

1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.
© 2008. Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.

© Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Similar presentations

Ads by Google