In an effort to cut down on the theft of personal data, the new Privacy by Design Research Lab at Arizona State University will establish a virtual environment to work with industry leaders to create guidelines for businesses worldwide. Julie Smith David of ASU will talk about the new Privacy by Design Research Lab.
Ted Simons:
Arizona State University has developed a new program to help prevent the theft of sensitive personal data. The Privacy by Design Research Lab will establish a virtual environment in helping create guidelines for businesses to effectively protect personal information. Here to talk about the new program is ASU Information Systems Associate Professor Julie Smith David. Good to have you here. Thanks for joining us.
Julie Smith David:
Nice to be here.
Ted Simons:
Research lab to focus on data privacy. What are we talking about here? Paint us a picture of what we are seeing.
Julie Smith David:
Great. It's not a research lab like you would think with a biochemistry lab. It's not a physical location. It's an organization that's going to bring together companies and people in order to protect individual data. So information about you such as your health records or your sensitive financial information. We are going to be working with people specifically so we have events once a month where people come to campus. In fact, Marilyn Krause is bringing in an AICPA task force here to work with the accounting community to work on privacy standards. We are going to have virtual presence so we can have individuals participating from all over the world in order to help develop guidelines so organizations are really respectful of all of our individual private data.
Ted Simons:
What kind of organizations are we talking? The big things that are online? Are we talking about hospitals? All points in between?
Julie Smith David:
The privacy really spans everything. And so it's interesting. We are working with a number of independent entrepreneurial companies that are just getting started in Arizona that are looking at how can you do things like have mobile applications on your cell phone that keep track of where you are globally, but actually then still respect and don't share that data with anyone else? We are working with small companies. We are working with large companies such as Intel how to develop computer chips that have privacy in it. They have come to us to share their views and outlooks and so the overall, our objective is to help companies design their processes so that privacy is in from the very start so they are more efficient, more effective but all of us as consumers and employees can sleep more securely.
Ted Simons:
I have always wondered when talking about security and people who advise and assist on security matters, how do you keep secret the secrets of security?
Julie Smith David:
Well, in the security is one piece within privacy and with security, it's always changing. So you keep developing new security standards and then as those leak out, somebody smart enough is going to come back in and figure out a way to get over those security standards. There's some interesting work being done where things such as biometric, using your fingerprint as a decoder are now being developed so that if I had some private data, I don't ever want to store my fingerprint on my computer because then somebody could steal that. But if I use that as the secret decoder ring, when I swipe my finger, all of that private information now is revealed to me. But nobody else would have my finger.
Ted Simons:
Interesting. Compare and contrast security concerns, government, private sector, U.S. and the rest of the world.
Julie Smith David:
That's a really interesting question. Because the international piece is really dramatic. The many other countries have very much more rigorous privacy regulations than in the United States. So we are pretty much used to giving away our personal information for a little bit of convenience, for ease of shopping, for almost any reason. You think about how many times are you videotaped? How times do you give information about you online? Those are good examples of where we give that privacy information away. In Europe and in Canada they are much more conservative. They are much more respectful of an individual's data so the individual continues to own that data regardless of where it is. And so we are working internationally to look at what are the best practices that are being developed in Europe and in Canada? In fact, one of our advisers is the Information and Privacy Commissioner for Ontario. She was out two weeks ago giving a presentation to the people who attended this month's monthly session all about how if you build privacy in, it can save companies money but also protect privacy, things you and I don't think about that can go wrong.
Ted Simons:
We talked earlier. In Canada they have a system to where a face is blotched out until and unless it's needed.
Julie Smith David:
It is. It's really fascinating. Here when we get our, when we have video surveillance, the video surveillance is captured much like a regular video that you or I would take with a camcorder. In Europe and in Canada there's some real concerns about anybody who could watch that videotape and there's really no need for them to know each individual that goes into that convenience store. What they have developed in Canada is a device that takes videos, but it blanks out the whole person. So if you were to watch the video it's almost like seeing a ghost walk across the screen. You could tell there was someone there but if there's a crime, then the police commissioner and privacy commissioner both use their keys. They can unlock the data and all the pictures become available. So the police can still do all of their investigation. That information is there. But anybody who walks into the convenience store otherwise, their privacy is protected. That's the really type of different outlook that we see in other countries than here. But it's things we should all be mindful of. When is it that we need to give away our personal information?
Ted Simons:
Are organizations becoming more mindful?
Julie Smith David:
They are becoming much more mindful. We tell our students, imagine you are on the front page of the Wall Street Journal and that some of your health records have been leaked. That's a huge concern now for organization, a really much more growing concern which is one of the reasons why this Privacy by Design Research Lab is in the School of Business. Companies are supporting us to say we really want to develop good practices. At the same time we really want to educate people who are users, consumers, users of technology that what they can do to protect their privacy. So we really look at ourselves as having two really important missions. One is to help organizations, the other is to help individuals.
Ted Simons:
It offers a competitive advantage I would think for the companies that are on board and get it.
Julie Smith David:
The companies that can demonstrate they are really mindful of other people of privacy have been able to demonstrate that they are able to get more loyal customers, they are able to have longer term relationships. That's another thing we will be working with is how to demonstrate the ROA for any sort of initiative a company would like to establish.
Ted Simons:
How much control can an individual have over all these -- we are talking medical records, education records, social security numbers, job history -- how much control do we have?
Julie Smith David:
It's -- it's sort of simultaneously scary how little control we have and there are also opportunities to take better control. Right now I have been focused on working with people taking better control. So for example, if you are using Facebook, that we should educate people, make sure you go in and establish privacy settings so that the information that you are putting out there only gets to those you want. So for most adults, we would say, establish a friend list of trusted friends, make sure that your privacy settings are set so nothing gets beyond that circle. And then realize that anything you put in there is going to live forever anyway. And so when I am dealing with college students, your spring break pictures, maybe you really don't want to share that way. You definitely don't want to share without making them private because when you go interview with a job, it's likely that recruiter will come out and find that information. That's very important.
Ted Simons:
As far as the research lab is concerned, how is that funded?
Julie Smith David:
We just got funded a couple of weeks ago and it was the Privacy Projects Organization has provided seed funding for our first two projects. Then we are working to establish additional funding. But what they have asked us to do is to establish task forces to look at a couple of specific business processes and develop guidelines for organizations so that the concepts behind privacy by design can be embedded in and there will be a way to go through and evaluate how closely do you meet those objectives? We are looking at doing actionable guidelines companies can develop and that's the first project we are working on with the privacy project's organization. So it's pretty exciting.
Ted Simons:
And you are getting good response so far?
Julie Smith David:
We put out the first call for task force members and we looked at very high profile -- I can't reveal them yet but high profile people who are interested in participating. We will have a data privacy event on campus in January, and we are bringing together those task forces along with other individuals who would like to contribute to them and really kick the projects off quickly in January.
Ted Simons:
Interesting stuff. Thank you so much for joining us. I appreciate it.
Julie Smith David:
Thanks for giving us the opportunity. Thanks.
Julie Smith David:Privacy by Design Research Lab, Arizona State University;