Sur d’autres sites (8951)

• 4 Ways to Embed User Privacy & Data Security in Your Business

  15 juillet 2022, par Erin — Privacy

  Customer analytics undeniably plays a vital role for businesses. Product improvements, interface personalisation, content improvements, and creative advertising thrive on data. 

  Yet, there’s a fine line between being a customer-centred company and a privacy-violating one. 

  Due to ubiquitous online tracking, 62% of Americans now believe that it’s impossible to go about their daily lives without companies collecting data about them. Still, despite the importance of privacy in business for consumers, companies are reluctant to act. Privacy initiatives often stay on the back burner due to perceived complexity. That’s true to some extent.

  Privacy in business does assume complex technical changes to your data management. But to be a privacy-centred organisation, you also need to re-think your processes, practices, and culture. 

  Here are four ways to start your journey to better user privacy and data security. 

  1. Revise Your Data Collection Process to Gain Consumer Trust 

  The public is wary of sharing data with businesses because they are suspicious of its subsequent usage. 

  However, not all data collection is bad or wrong. In many cases, you need specific data for service delivery, compliance, or good-natured personalisation. 

  That’s exactly what consumers expect. Almost half of US consumers say they’d trust a company that limits the amount of personal information requested and only asks for data relevant to its products/services. 

  By limiting data collection and offering transparent data usage terms, you can : 

  • Reassure reluctant users to try your product or service — hence, boost conversions and sales. 
  • Retain existing audiences by gaining their trust, which leads to loyalty and higher customer lifetime value (CLV). 

  To gain consumers’ trust, implement proper consent and opt-out mechanisms. Then create educational materials about how you are collecting and using their data.

  2. Perform Data Mapping to Determine Where Sensitive Data Rests 

  Businesses are already pressed with an expanded cyber-security radar, courtesy of remote work, digital payment processing, IoT device adoption, etc. Yet, 41% of the executives don’t think their security initiatives have kept up with the digital transformations.

  Loopholes in security eventually result in a data breach. The average cost of a data breach looms at $4.24 million globally. The sum includes regulatory fines and containment costs, plus indirect losses in the form of reduced brand equity and market share. 

  Lax data protection in business also undermines consumer trust : 87% of consumers wouldn’t transact with a company if they had qualms with its security practices. 

  To improve your security posture, analyse where you are storing sensitive consumer data, who has access to it (internally and externally), and how you are protecting it. Then work with cybersecurity specialists on implementing stronger consumer security mechanisms (e.g. auto-log offs, secure password policy, etc) and extra internal security policies (if needed). 

  At the same time, start practising data minimisation. Ensure that all collected data is : 

  • Adequate – sufficient to meet your stated objectives 
  • Relevant – is rationally linked to the objectives 
  • Limited – no unnecessary data is collected or stored
  • Timely – data is periodically reviewed and removed when unnecessary 

  

  These principles prevent data hoarding. Also, they help improve your security posture and regulatory compliance by reducing the volume of information you need to safeguard.

  3. Do an Inventory of Your Business Tools

  Data leaks and consumer privacy breaches often occur through third parties. Because Google Analytics was deemed in breach of European GDPR in France, Austria and Italy, businesses using it are vulnerable to lawsuits (which are already happening). 

  Investigate your corporate toolkit to determine “weak links” – tools with controversial privacy policies, murky data collection practices, and poor security. 

  Treat it as a journey and pick your battles. By relying on Big Tech products for years, you might have overlooked better alternatives. 

  For example :

  • Matomo is a privacy-centred Google Analytics alternative. Our web analytics is compliant with GDPR, CCPA, and other global privacy laws. Unlike Google Analytics, we don’t exploit any data you collect and provide full transparency into how and where it’s stored. Or if you want a simple analytics solution, Fathom is another great privacy-friendly option.

  

  • For online data storage, you can choose Proton Drive or Nextcloud (open-source). Or host your corporate data with a local cloud hosting provider to avoid cross-border data transfers.

  

  Aim to progressively replace Google products with more privacy-centred alternatives. 

  4. Cultivate a Privacy-Centred Corporate Culture 

  To make privacy a competitive advantage, you need every team member (at every level) to respect its importance. 

  This is a continuous process of inspiring and educating your people. Find “privacy ambassadors” who are willing to lead the conversations, educate others, and provide resources for leading the change. 

  On an operational level, incorporate privacy principles around data minimisation, bounded collection, and usage into your Code of Conduct, standard operating procedures (SOPs), and other policies. 

  Creating a privacy-centric culture takes effort, but it pays off well. Cisco estimates that for each dollar spent on privacy, an average organisation gets $2.70 in associated benefits. Almost half (47%) of organisations gain 2X returns on their privacy initiatives.

  Moving Forward with a Data Privacy Programme 

  Privacy has become a strong differentiator for brands. Consumers crave transparency and ethical data usage. Regulators mandate limited data collection and proper security mechanisms.

  But sweeping changes are hard to implement. So start small and go one step at a time. Understand which first-party data your company collects and how it is stored.

  Then look into the tools and technologies you are using for data collection. Do these provide sufficient privacy controls ? How are they using data collected on your behalf ? Finally, move to wider transformations, pertaining to data management, cybersecurity, and cultural practices. 

  Be consistent with your effort — and eventually, all the pieces will fall into place. 

• Open letter to the European Parliament’s LIBE committee

  28 novembre 2019, par Joselyn Khor — Uncategorized

  An open letter to the European Parliament’s LIBE committee

  

  In an effort to stem the tide of external control over user privacy, Matomo has rallied with other like-minded companies like Protonmail, NextCloud, Tutanota and Mailfence, to advocate for pro-privacy changes to the European Commission’s “e-evidence” proposal.

  Excerpt from the letter : 

  “The Commission’s e-evidence proposal threatens the competitive advantage European tech businesses have over their American counterparts by undermining the protections we can provide to our customers. It breaks with the long-standing rule that only trusted national judicial authorities can order companies to hand over customer data for criminal investigations. Instead, the Commission’s e-evidence proposal would allow any foreign law enforcement agency from across the EU to force us to hand out customer data without our own authorities doublechecking the foreign order.

  “Different from American Big Tech firms, European privacy tech companies lack the resources to verify the legality of each foreign order. Because of the way the e-evidence proposal is phrased, we would not even be able to properly authenticate foreign authorities to ensure that we are not replying to a malicious actor – let alone object to an order if we found it to be unwarranted.”

  Matomo Founder, Matthieu Aubry emphasises, “It is time that privacy-minded tech companies work together to defend their users, their businesses, and the values they are founded on. This is why we are supporting Privacy Tech Europe.”

  Read our open letter to members of the LIBE Committee in full.

• My journey to Coviu

  27 octobre 2015, par silvia

  My new startup just released our MVP – this is the story of what got me here.

  I love creating new applications that let people do their work better or in a manner that wasn’t possible before.

  My first such passion was as a student intern when I built a system for a building and loan association’s monthly customer magazine. The group I worked with was managing their advertiser contacts through a set of paper cards and I wrote a dBase based system (yes, that long ago) that would manage their customer relationships. They loved it – until it got replaced by an SAP system that cost 100 times what I cost them, had really poor UX, and only gave them half the functionality. It was a corporate system with ongoing support, which made all the difference to them.

  The story repeated itself with a CRM for my Uncle’s construction company, and with a resume and quotation management system for Accenture right after Uni, both of which I left behind when I decided to go into research.

  Even as a PhD student, I never lost sight of challenges that people were facing and wanted to develop technology to overcome problems. The aim of my PhD thesis was to prepare for the oncoming onslaught of audio and video on the Internet (yes, this was 1994 !) by developing algorithms to automatically extract and locate information in such files, which would enable users to structure, index and search such content.

  Many of the use cases that we explored are now part of products or continue to be challenges : finding music that matches your preferences, identifying music or video pieces e.g. to count ads on the radio or to mark copyright infringement, or the automated creation of video summaries such as trailers.

  

  This continued when I joined the CSIRO in Australia – I was working on segmenting speech into words or talk spurts since that would simplify captioning & subtitling, and on MPEG-7 which was a (slightly over-engineered) standard to structure metadata about audio and video.

  In 2001 I had the idea of replicating the Web for videos : i.e. creating hyperlinked and searchable video-only experiences. We called it “Annodex” for annotated and indexed video and it needed full-screen hyperlinked video in browsers – man were we ahead of our time ! It was my first step into standards, got several IETF RFCs to my name, and started my involvement with open codecs through Xiph.

  Around the time that YouTube was founded in 2006, I founded Vquence – originally a video search company for the Web, but pivoted to a video metadata mining company. Vquence still exists and continues to sell its data to channel partners, but it lacks the user impact that has always driven my work.

  As the video element started being developed for HTML5, I had to get involved. I contributed many use cases to the W3C, became a co-editor of the HTML5 spec and focused on video captioning with WebVTT while contracting to Mozilla and later to Google. We made huge progress and today the technology exists to publish video on the Web with captions, making the Web more inclusive for everybody. I contributed code to YouTube and Google Chrome, but was keen to make a bigger impact again.

  The opportunity came when a couple of former CSIRO colleagues who now worked for NICTA approached me to get me interested in addressing new use cases for video conferencing in the context of WebRTC. We worked on a kiosk-style solution to service delivery for large service organisations, particularly targeting government. The emerging WebRTC standard posed many technical challenges that we addressed by building rtc.io , by contributing to the standards, and registering bugs on the browsers.

  Fast-forward through the development of a few further custom solutions for customers in health and education and we are starting to see patterns of need emerge. The core learning that we’ve come away with is that to get things done, you have to go beyond “talking heads” in a video call. It’s not just about seeing the other person, but much more about having a shared view of the things that need to be worked on and a shared way of interacting with them. Also, we learnt that the things that are being worked on are quite varied and may include multiple input cameras, digital documents, Web pages, applications, device data, controls, forms.

  So we set out to build a solution that would enable productive remote collaboration to take place. It would need to provide an excellent user experience, it would need to be simple to work with, provide for the standard use cases out of the box, yet be architected to be extensible for specialised data sharing needs that we knew some of our customers had. It would need to be usable directly on Coviu.com, but also able to integrate with specialised applications that some of our customers were already using, such as the applications that they spend most of their time in (CRMs, practice management systems, learning management systems, team chat systems). It would need to require our customers to sign up, yet their clients to join a call without sign-up.

  Collaboration is a big problem. People are continuing to get more comfortable with technology and are less and less inclined to travel distances just to get a service done. In a country as large as Australia, where 12% of the population lives in rural and remote areas, people may not even be able to travel distances, particularly to receive or provide recurring or specialised services, or to achieve work/life balance. To make the world a global village, we need to be able to work together better remotely.

  The need for collaboration is being recognised by specialised Web applications already, such as the LiveShare feature of Invision for Designers, Codassium for pair programming, or the recently announced Dropbox Paper. Few go all the way to video – WebRTC is still regarded as a complicated feature to support.

  

  With Coviu, we’d like to offer a collaboration feature to every Web app. We now have a Web app that provides a modern and beautifully designed collaboration interface. To enable other Web apps to integrate it, we are now developing an API. Integration may entail customisation of the data sharing part of Coviu – something Coviu has been designed for. How to replicate the data and keep it consistent when people collaborate remotely – that is where Coviu makes a difference.

  We have started our journey and have just launched free signup to the Coviu base product, which allows individuals to own their own “room” (i.e. a fixed URL) in which to collaborate with others. A huge shout out goes to everyone in the Coviu team – a pretty amazing group of people – who have turned the app from an idea to reality. You are all awesome !

  With Coviu you can share and annotate :

  • images (show your mum photos of your last holidays, or get feedback on an architecture diagram from a customer),
  • pdf files (give a presentation remotely, or walk a customer through a contract),
  • whiteboards (brainstorm with a colleague), and
  • share an application window (watch a YouTube video together, or work through your task list with your colleagues).

  All of these are regarded as “shared documents” in Coviu and thus have zooming and annotations features and are listed in a document tray for ease of navigation.

  This is just the beginning of how we want to make working together online more productive. Give it a go and let us know what you think.

  http://coviu.com/

  The post My journey to Coviu first appeared on ginger’s thoughts.