Professional Documents
Culture Documents
Guy Pearce
January 2023
1
WEBINAR INFORMATION & QUICK TIPS
• Use the HELP icon at the bottom for FAQ’s and system requirements.
2
CPE CREDIT PROCESS
LIVE EVENT & ON DEMAND RECORDING
• You must view the live or recorded webinar for the required amount of time
(50-minutes). Check the CPE Credit window to view the timer.
• Your CPE Certificate will automatically appear in the ISACA CPE RECORDS
tab on the MyISACA page after completing the required viewing time.
• Please be patient. This process could take up to 48 hours for your CPE Certificate
and the CPE credit to be applied to your account.
• As a reminder, ALL ISACA webinars, the CPE credits and CPE certificates expire
365 DAYS POST LIVE EVENT. Please make sure you save the appropriate
documents to your personal records.
3
APPROACH
“This webinar features the key activities instrumental in growing internal and
external trust in enterprise data.”
• I will do this by highlighting some activities that cause a decline in data trust. The
organizational response should be to change the way those activities are performed
“It also highlights the public’s obligations with respect to their data as one of their
most prized possessions.”
• As much as the focus is on organizations to improve trust, you will see how you and I
have significant trust responsibilities too
4
AGENDA
1. Introduction
2. Setting the Scene Part 1: How much is your personal data worth to organizations?
3. Setting the Scene Part 2: How much is your personal data worth to you?
4. Data Trust: A great big mess filled with opportunity for reflection, and correction
6. Conclusion
5
EXECUTIVE SUMMARY
• Your data (often used without • 3rd party data drives the decline in
permission – reducing trust) can trust; opportunities in zero and 1st
yield 10,000% ROI party data collection need trust
• They can also unethically be • Data quality is a costly business
used for political gain, further problem that also decreases trust
reducing trust
• Low data quality puts both
• Some are sadly happy to trade businesses and consumers at
their data for short-term trinkets risk, further decreasing trust
• Business is out of touch; many of • Data can and does impact the
them say data trust is increasing integrity of our social fabric,
while consumers say it isn’t decreasing trust
Organizations are not solely responsible for the decline in data trust;
consumer behaviour is problematic too. Both parties need to address it
6
Introduction
About this trust thing…
7
IT CAN BE HELPFUL TO DEFINE TRUST VIA DISTRUST
Distrust:ThisAPhoto
lack of Author
by Unknown faith based
is licensed on knowledge - like experiencing a lie or a
under CC BY
broken promise - where what is key to you is unsafe with the counterparty
8
ALTERNATIVELY, TRUST IS A VULNERABILITY
10
THAT’S WHY IT’S CRITICAL TO UNDERSTAND DATA TRUST
Strong, credible leadership acting on these and other trust factors is key
12
Setting the Scene Part 1
How Much is Your Personal Data Worth to Organizations?
13
HOW MUCH IS YOUR PERSONAL DATA WORTH TO
ORGANIZATIONS?
Illegally
What can be
done with it Unethically
Legally
Data Capture
What it costs
to acquire it
Illegally $
Data
Procurement
Unethically ± US$0.40 - $US1.70 per person
The most valuable data? 18-24 year old
Middle Eastern men in the US Northeast,
earning US$120k - US$150k pa
Based on: https://mackeeper.com/blog/most-desired-data/
We are rightfully distrustful of how our data are acquired without our
knowledge, never mind our consent. It’s cheap and easy to acquire
15
FINANCIAL BENEFIT EXAMPLE
± US$41 per active
Ad Revenue user per year
Source: https://www.statista.com/statistics/234056/facebooks-average-advertising-revenue-per-user/
Sales
Behaviour
Legally Prediction Political
Gain
What can be
done with it
Illegally Behaviour
Modification Social
$
Influence
Unethically
Mimicry Identity
Theft
Surveillance
16
ANOTHER FINANCIAL BENEFIT EXAMPLE
Ad Revenue
Sales
Behaviour
Legally Prediction Political
Gain
What can be
done with it
Illegally Behaviour
Modification Social
$
Prochazka
Set in the 1960s, Prochazka
Influence discredited
supported reform and publicly Unethically
criticized conservative views in Mimicry Identity
Czechoslovakia. In a final attempt to Theft
silence him, he was bugged, and his
private conversations (mocking his Surveillance
friends) were broadcast on radio
20 Source: https://www.goodreads.com/quotes/6158505-in-private-a-person-says-all-sorts-of-things-slurs
PRIVACY THOUGHTS FROM THE YEAR 1984
Thus only gradually did people realize (though their rage was all the
greater) that the real scandal was not Prochazka's daring talk but the
rape of his life; they realized (as if by electric shock) that private and
public are two essentially different worlds and that respect for that
difference is the indispensable condition, the sine qua non, for a
man to live free; that the curtain separating these two worlds is
not to be tampered with, and that curtain-rippers are criminals.”
Milan Kundera, The Unbearable Lightness of Being
These concerns are 40+ years old, and remain mere talking points today
21 Source: https://www.goodreads.com/quotes/6158505-in-private-a-person-says-all-sorts-of-things-slurs
Setting the Scene Part 1 Summary
• Your data are of significant value to organizations, especially business
23
HOW MUCH IS YOUR PERSONAL DATA WORTH TO YOU?
24
WHAT IS THE VALUE OF YOUR PERSONAL DATA TO YOU?
A 2011 study sought to determine the value consumers place on various forms of their data
People don’t value their data. That’s bad for a personal asset
that you carry with you for your whole life…
26 Source: https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust
EXAMPLE: THE CASE OF VERIZON IN 2017
The customers would earn credits for their spend, which could be exchanged
for streaming subscriptions, discounts on device upgrades, and movie tickets
• Information about the quantity, type, destination, location, and amount of use of
your Verizon telecommunications services and related billing
• Information from other companies like gender, age range, interests, shopping
preferences, and ad responses
27 Source: https://arstechnica.com/information-technology/2017/08/want-verizon-rewards-just-let-vendors-and-partners-see-your-browsing-history/
TAKE CARE: THE ALLURE OF MERE TRINKETS
• 58% of consumers from around the world Unfortunately, people will do anything for
would share internet activity in exchange a free pizza
1
for free online content A Domino's franchisee in Russia decided to
award 100 free pizzas each year for 100
years to customers that got visible tattoos of
“Most people … don’t assign any real cost the restaurant chain's logo
to losing their privacy because they have
the luxury of living … in places where the
rule of law is strong and human
2
rights are at
least somewhat protected.”
It’s troubling that individuals are placing less value on their personal data
over time, and also that they’re willing to exchange it for “free stuff”
29
WHAT IF “MOST” OF A PERSON’S DATA WAS AT STAKE?
3,000
2,500
2,000
1,500
$
1,000
500
State
The average American would sell most of their personal data for US$1,452
30 Based on: https://www.fastcompany.com/90776352/how-much-do-americans-think-their-personal-data-is-worth-it-depends-on-where-they-live
BUT HOW MUCH OF YOUR DATA IS OUT THERE FOR SALE?
There are many, many more organizations collecting your personal data
With so much data about you out there, it’s unlikely a retailer will pay you
US$1,400 for anything else you may have
31 Source: https://ottawacitizen.com/news/national/just-how-much-of-your-personal-data-is-actually-online-we-take-a-look
SO, THE HORSE HAS BOLTED, BUT ALL IS NOT LOST
Government Identification Does not expire; Jealously protect (1st prize for hackers: impersonation)
Biometric Information 1 Does not expire; Jealously protect (DNA, fingerprints, retina)
Date of Birth Does not expire; Jealously protect
Name Does not expire; Jealously protect
Biometric Information 2 Expires slowly; Jealously protect (face, voice, signature)
Phone Numbers Expire, but can be long-lived; Jealously protect Key
Email Addresses Expire, but can be long-lived; Jealously protect Does not expire
Credit Cards Expire within 4 or 5 years; Jealously protect Expires but critical
Address Expire, but can be long-lived; Jealously protect Expires but can haunt
Employee Records Expire, but previous bad behaviour may haunt you
Social Media Expires, but previous posts may haunt you
Resume Expires, but the information in it may haunt you
• Many are happy to trade such a valuable personal asset for trinkets at retail prices
• There is so much cheaply and freely data about you out there
34
THE ELEMENTS OF DATA TRUST
35
BUSINESSES ARE OUT OF TOUCH WITH THEIR CONSUMERS
Data Collection Trend: Zero and 1st Party data collection vs 3rd Party data
procurement, to reduce liability. Its success however depends on trust
37 Source: https://aimagazine.com/data-and-analytics/first-party-data-key-to-rebuilding-trust-in-online-platforms
BUT WHAT HAPPENS WITHIN AN ORGANIZATION IS JUST
AS PROBLEMATIC
22%-33% of the time of an employee that uses data is spent fixing and
%1)
preparing it (McKinsey & Co find the average to be 29
39 Source: https://www.isaca.org/resources/isaca-journal/issues/2023/volume-1/toward-rebuilding-data-trust
1 Source: https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/designing-data-governance-that-delivers-value
IS YOUR DATA TRUSTWORTHY?
Root cause of
data problems
90%
Yes No Yes No Yes No Yes No
Are D&A Outcomes Does it Trust Does its C-Suite Has its D&A Improved
Used Consistently? Operational D&A? Support D&A? Effectiveness?
Outcome Outcome Outcome Outcome
33%
47% 44%
49% 51%
53% 56%
67%
Lack of C-Suite support, poor data sources, poor quality, poor model
checks, and poor consistency lead to poor trust and thus poor utilization
41 Based on: https://www.cioinsight.com/big-data/why-many-organizations-dont-trust-their-data/
Based on: https://www.fastcompany.com/3065294/why-executives-dont-trust-their-own-data-and-analytics-insights
THE RISKS OF ORGANIZATIONAL DATA USE
• Have the data been acquired • Are the data from different
legally? sources (e.g. procurement)
comparable?
• Have the data been acquired
ethically? • Has the data quality been
verified?
• “…short term, dopamine-driven feedback loops … are destroying how society works. …
No civil discourse, no cooperation: misinformation, mistruth.”
• “…bad actors can manipulate large swathes of people to do anything you want.”
Former Facebook VP for User Growth Chamath Palihapitiya1
• Facebook lies about its ability to influence individuals based on the data it collects on them
Former Facebook Product Manager Antonio Garcia-Martinez1
• “… [I]t is increasingly observable that social media present enormous risks for individuals,
communities, firms, and even for society as a whole … [like] cyberbullying, addictive use,
trolling, online witch hunts, fake news, and privacy abuse.”
Baccarella, Wagner, Kietzmann, and McCarthy; European Management Journal2
Our data has changed community trust dynamics in a way we did not expect
43 1 Source: https://www.theverge.com/2017/12/11/16761016/former-facebook-exec-ripping-apart-societyF
2 Source: https://beedie.sfu.ca/sms/admin/_DocLibrary/_ic/82d7197664a0ffce171b0b585495808f.pdf
Data Trust Summary
• Some businesses are out of touch with the reality of data trust, with data procurement
being a major driver of declining trust
• Dirty data is a major operational issue, incurring risk for organizations and individuals
• Many businesses don’t trust their own data and analytics because of it
• The negative impact of social media on our social fabric is only just being understood
45
INCREASING TRUST: SOME ORGANIZATIONAL OBLIGATIONS
Business will exploit individuals not valuing their data. Both are to blame
48
Conclusion
49
SO WHAT ARE YOU DOING TO PROTECT YOUR SECRET?
50
CONCLUSION
• Your data (often used without • 3rd party data drives the decline in
permission – reducing trust) can trust; opportunities in zero and 1st
yield 10,000% ROI party data collection need trust
• They can also unethically be • Data quality is a costly business
used for political gain, further problem that also decreases trust
reducing trust
• Low data quality puts both
• Some are sadly happy to trade businesses and consumers at
their data for short-term trinkets risk, further decreasing trust
• Business is out of touch; many of • Data can and does impact the
them say data trust is increasing integrity of our social fabric,
while consumers say it isn’t decreasing trust
Business is not solely responsible for the decline in data trust; consumer
behaviour is problematic too. Both parties are responsible for addressing it
51
Questions?
THANK YOU FOR ATTENDING