Page 46 - CCCA63_2013
P. 46
CCCA_V7No3_InsideEdge-FIN_CCCA 13-09-24 2:25 PM Page 46 Inside Edge Privacy compliance important when social media meets Big Data By Nina Barakzai t’s likely your organization, like many — so how do I do that? The end result is we are more likely to Iaround the world, is becoming comfort- If we are likely to share customer data keep our customers loyal and keep regu- able with social media as a way of engag- with third parties, then I must make sure lators happy, because we have complied ing with its customers, suppliers, employ- my privacy language makes this clear and with the spirit of the law. It is not always ees and a whole host of interested parties. gives the customer a choice about this simple — some regulators take a very As in-house Privacy Counsel, I try to whether his data will be shared. This is firm line on how they enforce protection think how I can help the business use good compliance; if I can make the way of their local consumers, so in-house social media’s data to boost revenue with- in which I explain this to the customer as counsel must be prepared to adjust their out compromising on privacy compliance. clear and transparent as possible, the cus- regional stance where necessary, but start- When a business operates globally, the tomer will be able to make a more ing with the high level principles of keep- volume of data is hard to imagine. It is usu- informed choice. I also have a wider role, ing personal information safe and secure ally called “big data,” the collection of large to act as the conscience of the organiza- and taking steps to make sure it does not and complex data sets, the analysis of tion and protect customers from any get lost is likely to give you a great initial which can be beneficial to the business. potential misuse of their data. I can do this position on which to build. The commercial impact is that such data by building better governance around The other side of the picture for an in- can be used to target individuals and internal handling of that personal data. house counsel is the role I play as a guardian enhance our relationship with our cus- In Europe, as countries accede to the of our employees’ personal information. tomers through tailored messages. For European Economic Area (EEA), they take This is particularly so when employees have some businesses, the value of this collection time to bring their own privacy frame- the ability to talk to persons outside the of data and indicative information about its works into line with the harmonizing company online in an easy conversation. customers is that it can be sold to third par- Directive 95/46/EC. Sometimes this means Add this to the insight that the organi- ties who wish to make their products and that they leapfrog the privacy frameworks zation gains through customer responses services available to specific targeted audi- that have been in place in other member (even if they are disgruntled) and big data ences. This brings a revenue stream for the states. For a business operating across the analysis. Suddenly, the in-house lawyer is business which collects its customers’ data. globe, addressing 27 different sets of priva- looking at a global privacy issue of specific But when the business decides to use cy frameworks for the European region, as information being held against a class of the personal data collected from our cus- well as taking into consideration the priva- customers or employees that needs to be tomers in ways beyond what customers cy frameworks in the Americas and Asia handled consistently and safely across mul- expected when they first chose to let our Pacific countries, would result in an tiple jurisdictions, because that is how the organisation process their data, this takes unworkable maelstrom of legislation. organizations’ technical and systems infra- us firmly into the area of compliance and I may find that some jurisdictions have structure is handling that data. doing business the right way. widely differing standards of privacy con- So what does this mean for privacy, With my advice, the business uses social trols than others. With my own consumer compliance and governance? If business media to build up a detailed profile of hat on, I always prefer being able to make takes the time to link its organizational individual customer’s habits, preferences, my own choices when I interact with any behaviours to its social media activities, this likes and dislikes. I need to have a matrix business. As Privacy Counsel operating drives good, connected, collaborative and of legal provisions and policies which will across multiple jurisdictions, I may need to sustainable business. combine notice to consumers at the point produce language which focuses on the at which their information is collected, principles of processing a customer’s data Nina Barakzai is Chair of the C&I Group and an overarching policy statement that in a way that is predictable and expected, Corporate Governance Committee and Group sets out the organization's overall rather than identifying every nuance of Head of Data Protection & Privacy, BSkyB, approach to handling personal data. Great each jurisdiction’s privacy laws. United Kingdom. 46 CCCA Canadian Corporate Counsel Association FALL 2013
   41   42   43   44   45   46   47   48