Government officials tell companies at Web 2.0 Summit that they are asking for trouble if they collect data first and ask questions later.
10 Lessons Learned By Big Data Pioneers
(click image for larger view and for slideshow)
Would-be data miners were urged to dig carefully at the Web 2.0 Summit in San Francisco on Tuesday.
Ann Cavoukian, information and privacy commissioner of Ontario, Canada, and David Vladeck, director of the Federal Trade Commission's Bureau of Consumer Protection, took turns advising the entrepreneurs and business leaders in the audience to gather only data that's necessary and to do so in a way that respects user privacy.
Cavoukian advocated what she called privacy by design, building privacy protections into products because it's better business and better for consumers. Privacy and business interests are not a zero-sum game, she insisted. It can be a positive-sum game, where businesses can gain better, more actionable information by involving consumers in the process.
Businesses have a choice between privacy-by-design or privacy-by-disaster, she suggested.
"Privacy is about control," said Cavoukian. "The individual should control what happens to the information."
[ Facebook has been mentioned frequently at the Web 2.0 Summit because it has so much data. Ironically, its biggest problem may be that it presents users with too much information. ]
If Cavoukian's vision of proactive privacy protection represented the carrot, Vladeck described the stick. As the U.S. government's consumer privacy enforcer, Vladeck acknowledged that the business leaders in the audience didn't want to hear from him and he insisted that he didn't want to hear about them.
Don't collect data you don't need, urged Vladeck. "It's an albatross that can come back and really bite you," he said.
He urged entrepreneurs to familiarize themselves with privacy laws like the Children's Online Privacy Protection Act, which forbids the collection of personal information from children under 13 without parental consent. He cited the FTC's recent settlement with mobile app maker Broken Thumb Apps as an example of how companies can get in trouble when they fail to follow the law.
And lest anyone be tempted to ignore the call to self-regulate, Danny Weitzner, from the White House Office of Science and Technology Policy, spoke briefly to remind conference attendees that the openness of the Internet should not be taken for granted.
Those who have been paying attention to the global tide of Internet policy will know that the tradition of leaving the Internet loosely regulated is being reevaluated in various countries, he said. This is happening not just in countries like China but in European countries like Germany, he said.
The message coming out of these sessions was clear: Be careful with your data, or be prepared to deal with regulators.
Published: 2015-04-27 Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 188.8.131.52 iFix8, 6.0.4 before 184.108.40.206 iFix...
Published: 2015-04-27 IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 220.127.116.11, and 6.0.5 before 18.104.22.168 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...
Published: 2015-04-27 The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...
Published: 2015-04-27 The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 22.214.171.124 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Published: 2015-04-27 IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 126.96.36.199 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.