This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle four: protecting data when it is passed on to others in your value chain.


Here is the Fourth of 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships, based on Dialog’s recent research.

While the last post discussed getting your own house in order around protecting customer data, equally important is protection of that data when it is passed on to others in your value chain.

Consumers regularly agree to share data with a particular organization for immediately known purposes – a purchase transaction, registering for a site or service, downloading an app. There is an abstract understanding that their data is shared. But the specifics of with whom, how and for what are vague to all but the most attentive, usually those who work in a marketing capacity. I recently heard a statistic that a data broker will have about 1500 pieces of information on an average individual! I didn’t know there could be 1500 things about me to be tracked. Who knew I was so interesting?

This vague concept of ‘they have all of my data’ is unsettling, leaving people feeling powerless and hoping that nothing harmful will befall as a result. It is perhaps the greatest area of concern for our study respondents. Legal requirements are normally that the data owner has bottom line responsibility (read that the one who could be sued in a breach), so it behooves you as a data collector to integrate strict data management terms into your third party contracts.

But beyond that, it’s how the data is used and monetized – and we all know this is the holy grail of marketing – that respondents find troubling. One respondent noted that “3rd party access to my search history is completely inappropriate.” Another noted that “if you got my data from somewhere else, tell me where you got it from.” Some of the other concerns expressed included not allowing an individual’s identity or data given for one perceived purpose to be used by entities that have control over other parts of their lives – insurance, credit, employers, housing, civil litigation, healthcare providers, surveillance or profiling, divorce court, political parties, or the news media, except as allowed by law. Data collectors should therefore carefully consider legal requests vs. legal requirements.

One suggestion was to have and observe universal standards on collection and distribution of sensitive and potentially harmful medical and financial information. There are already laws about these domains, but data analytics can get pretty accurate at some of these situations using other non-regulated data.

But some respondents also took a Buyer Beware stance, saying that data voluntarily given and captured through public means is there for the taker, and consumers can always choose not to participate in a transaction. Better to educate people about what is being harvested about them and how it is used. Perhaps improving privacy policies would be a good start. But it can be challenging to get that message across when data is handed off to anonymous 3rd parties whose very existence or purposes are unknown to average people.

With the Internet of Things, this situation will grow exponentially, creating further issues of securing data at the points of collection, transfer and curation x 1000 – and the implications for Big Data crunching that will come from it. Bottom line – mind your partners. Privacy protections need to be contractually obligated with third parties, but prudence dictates you avoid sharing with those who perpetrate the creep factor, especially when contributions can be traced back to you.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Notes from the Silicon Valley Cybersecurity Summit: Part 2

September 30th, 2014 | Posted by Sarah Jones in Guest Blogs - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


While the policy panel discussion at the summer’s Silicon Valley Cyber Security Summit pointed out the many challenges of governments trying to deal with the cyber threat, the second ‘Next Generation’ panel was all about the shortage of qualified talent to deal with the problem.

The good news – cyber presents a great career opportunity! As in, the industry needs lots of help. Now. The not so good news is that 40 percent of open IT security jobs in 2015 will be vacant. There simply aren’t enough qualified people to fill them. Technologies such as new threat intelligence and attack remediation products will continue to advance. That will help automate intervention, but there is still a need for people to skillfully apply them, and for others to create them in the first place in the face of a never-ending game of new threats. One speaker said that, as of only a couple of years ago, a new malware was detected every 15 seconds. Now two new malwares are detected every one second! The speakers expected that pace to accelerate exponentially.

There are a growing number of formal university programs in this area, but I was very surprised to hear that only 12 percent of computer science majors are female, and that population has been steadily shrinking for two decades. A marginal percent of those study cyber. So we’ve got a challenge with public engagement in the issue, an inadequate talent pool, and almost half of the student population not thinking about the problem.

Of course not all software learning is in the classroom and talented hackers do emerge. That is why General Keith Alexander [former head of U.S. CyberCommand] went to least year’s Black Hat Conference – while unconventional, he knew this is a place to find badly needed talent. There are also several incubator initiatives like  Virginia’s Mach37, and many startups are trying to get off the ground.

Another challenge is that CEOs don’t fundamentally understand the complex cyber problem, so they delegate the task to the CIO. [This reminds me of similar dispositions toward Disaster Readiness and Business Continuity Planning pre-9/11]. Cyber threat is another form of business risk and should be planned for as such. One speaker mentioned that there is expert consensus, even from VCs who are scrupulous about how money is spent, that for a $100 million IT budget, 5-15 percent should be spent on security. While panelists noted cyber threat is a top discussion point for many corporate boards, there is uncertainty about what to actually do to prepare.

This is a tough issue all the way around. One speaker suggested repositioning the brand message to what regular folk will respond to – protecting our national treasures, homes and quality of life, critical infrastructure and national security. Nick Shevelyov, Chief Security Officer of Silicon Valley Bank, summarized the issue: ‘the technology that empowers us also imperils us.” I’m hoping more of us come to understand that and step up.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS