A framework of purpose and consent for data security and consumer privacy

Pols, Aurélie; Schiffers, Oliver

Practice paper

A framework of purpose and consent for data security and consumer privacy

Aurélie Pols and Oliver Schiffers

Applied Marketing Analytics: The Peer-Reviewed Journal, 1 (1), 66-74 (2014)

https://doi.org/10.69554/XABI3713

Abstract

Does the old adage of the data warehousing projects from 20 years ago ‘let’s collect it all and see what we’ll do with it later’ still stand today? Or should the modern line of thinking be ‘Big Data is killing the privacy framework’? Surely technological evolution has propelled data collection towards new agile high grounds, where respecting privacy regulation and avoiding the customers’ feelings of violation can no longer be considered as a pipedream. This paper starts by introducing a basic privacy framework, emphasising purpose and consent as areas requiring urgent development. It continues by exploring data minimisation opportunities and related internal procedures to assure that this framework is respected and aligned with global regulation. The paper argues that, in light of increased data collection, the very notion of PII or personally identifi able information is more than a vague concept and that necessary deidentification of data is not as easy as is suggested. Indeed, instead of focusing on the data alone, the conversation should also consider how the data is being used. This begs the question ‘what risk does an individual face if their data is used in a particular way?’ Borrowing from Spanish information security best practices and in light of increasing data breach regulations, the paper examines how data fl ows and merging of data should be defi ned and secured in order to assure accountability through an entire data life cycle. Such life cycles must also include evolving legislative minimal and maximum data retention periods, after which action must be taken, either through anonymisation of collected and used data or through its thorough deletion. Finally, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud-based solutions. Each actor in this data chain has a role to play and responsibility to abide by in order to assure compliance
and mitigate risk.

Keywords: privacy by design; data minimisation; PII; de-identification; data life cycles; data anonymisation; data retention periods; cloud based solutions

The full article is available to subscribers to the journal.

Already a subscriber? Login or review other options.

Citation

Pols, Aurélie and Schiffers, Oliver (2014, October 27). A framework of purpose and consent for data security and consumer privacy. In the Applied Marketing Analytics: The Peer-Reviewed Journal, Volume 1, Issue 1. https://doi.org/10.69554/XABI3713.