Archive for the ‘Privacy’ Category

Radical Transparency of Privacy In Social Media

Tuesday, December 21st, 2010

If a tree falls in the forest, does anyone hear it?  Does anyone care?  If you sign up for a website email list and the site uses your information for other purposes, do you care?  What are the downside consequences of you sharing something socially? Digital privacy is a hot topic right now as it should be.  On one hand, you have consumers who got a taste of the FREE internet meaning content is free, applications are free, utilities are free.  On the other hand, you have corporate advertisers who are paying for your access via advertising.

Ever wonder how YouTube could possibly host, store and stream all of that video content to everyone, anytime and not charge a dime for it?  Ever wonder how Flickr and Facebook can store you entire life’s worth of photos for free?  It’s not because they like you all that well, it’s because your aggregated data is very valuable.  The digital “gold” of the Internet if you will.

I always wonder if people really care about their data privacy.  Consider college students who post their secret, crazed college days online.  There is definitely a demographic shift of intentionally posting private data.  Younger generations are much more open to posting their life happenings onto the web whereas adults who have not grown up with technology are much more stringent on the content they post.  The digital data privacy debate certainly has a colorful list of players (my version only):

  • Uptights – typically older and do not trust that which they cannot hold (the Internet)
  • Loosey Gooseys- Have no regard for any repercussions for what they post, say or otherwise do online.  They feel they are exempt.
  • Professionals – Have a few accounts (mostly on business sites) that they frequent and a handful of social sites they signed up for but have never gone back to.
  • Greenies – first time on the Internet and think everything is “official” because it’s on the Internet whether content, sign-ups or spam links
  • Too Cool For Schoolies – who have been on the web since it started and think they can spot a scam or fake cookie a mile away. These are the ones that marketers really love to collect their data on.
  • Violated – Every one of the above who find out their data is being used who act like they actually care about it now.

The fact is that your data is collected online both intentionally and intrinsically.  Intentionally when you sign up for an email reminder, sign up for a new game or social network ,etc.  Intrinsically every time you log on and visit a site someone is following your cookies and making assumptions based on where you visit and what you search for….you just don’t know it.  If you want to get a sense of what is collected, just visit the Consumer tab of www.bluekai.com.  But don’t blame it on the Internet and all the mean companies on the web.  We are the ones who shunned the newspapers when they tried to set up walled gardens and charge for content.  We are the ones who refused to pay for personal quickbooks offerings therefore making way for www.mint.com.  I liked the way one CMO put it,  the federal campaign to require a digital Opt-out list is a scare tactic.  What they should really be marketing is a “I want to sign up to pay for my digital content” campaign due to the fact that if everyone opts to not allow digital tracing, then advertisers will have to require a paid subscription for anything they do online.

Now imagine that no matter how smart you think you are, you intrinsic data has been tracked for decades however no-one had the computing power to do anything with it before.  That’s right, every time you watch a television show through your cable box, the cable company knows what you watch, when you watch it  and how much of it.  For instance, they can provide an accurate list of supporters to candidates by knowing if a customer frequents CNN over FOX News, they know when you move and they know if you pay your bill on time or not, etc.  Ever wonder how those coupons on the back of your grocery store receipt always have the items you like, they compare what you just purchased against other items that people who purchase similar items usually buy also.

The fact is that marketers are in a never ending quest to become more relevant to you whether online or offline.  If business is going to infringe deeper into your privacy then who need to keep them in check.  Is it government or industry trade groups?  The business landscape is littered with those who have tried to self-regulate (Internet and Housing Bubbles) although there are shining examples as well.  I believe that it will ultimately come from some mix of the two where the government will continue to protect citizens from economic privacy harm like identity theft and Industry watch dog groups will hold companies morally responsible.  Which brings up another point, Is a company’s obligation to consumer privacy a regulated one or a moral one.  If I ever found out that www.amazon.com was using my private data maliciously I would go to www.ebay.com, www.etsy.com or www.jomashop.com no matter if the FTC was there or not.

This big topic will certainly require a pro, therefore who else to cover it than the Social Media Explorer himself Jason Falls.  This is Jason’s 2nd time hosting and if this chat is anything like that last one he did, we will have to charge a cover fee (speaking of free content :-) ) to pay for all the extra server strain he brings.  Jason is a coveted strategist, speaker and all around good person and we are happy to have him hosting once again.  The topic and questions are:

Topic: Radical Transparency of Privacy In Social Media

Q1: What is a business’s obligation with consumer’s digital right to privacy?

Q2: Who should regulate digital privacy – gov’t or industry groups?

Q3: What are the moral implications for businesses and digital rights to privacy?

Please join us in this online chat on Tuesday, December 21 at noon ET.  Follow #sm91 from your favorite Twitter client or simply go to our LIVE page at www.hashtagsocialmedia.com/live.  The format will stay the same with the first question starting at noon and a new question coming every 20 minutes at 12:20 and 12:40.

Tags: , , , , , , , ,
Posted in Privacy | 1 Comment »

Does Pharma REALLY have anything to offer in social networking?

Tuesday, September 21st, 2010

Social media and social networks provide an increasingly popular way for consumer and companies to engage and interact. Consumers are not bound by regulations in the way they communicate. They are free to discuss their healthcare issues with anyone they want. Whether sharing advice on medications and their off-label uses or talking about a weird thing that happened to them medically and “oh-by-the-way” I was taking this medication when it started happening, consumers are free to share this information when and how they want.

For pharmaceutical and insurance companies, these same conversations can cause severe cases of heartburn for regulatory and compliance departments if these topics were to be brought up on a social networking site sponsored by said company. Off-label uses cannot be condoned by the pharma company and allowing a C2C conversation to happen without correcting it may be considered condoning it if brought into legal proceedings. The “oh-by-the-way” discussion could be considered an Adverse Event (AE) and would therefore need to be registered into an AE database that is regulated by the FDA.

As you can see these relatively benign instances that happen all over Facebook, Twitter and other social networks every day fall directly into a regulatory grey area for pharmaceutical and insurance companies. Without direct legislation and regulation, many companies have chosen to stay away from social media for the time being. The problem is that social media is not going away and that social engagement could pave a potentially lucrative path to new revenues and new opportunities for those companies who can figure out how to harness the power of social.

Understanding what regulations are in place and applying them to social we help shape a foundation by which to develop better guidelines for participation in social media and social networks.

Be Clear in Conversations
The range and depth of biotech, pharma and health care regulations are vast. They cover a wide range of areas spanning how you manage clinical trials to manufacturing to sales and control of patient information. While discussing the talking points in this document let’s be clear that our assumptions are that:
     * You are using your social network to manage outreach to bring interested parties into the fold to inform them of where to get information, gather their ideas, priorities and interests, and connect them with other professionals with related interests and expertise. This might include:
          o Foster greater collaboration on new products
          o Improve internal processes
          o Increase the effectiveness and efficiency managing regulatory compliance
          o Enable doctors and patients to more easily access needed information
          o Increasing the efficiency in the delivery of health care through innovation and collaboration
          o Strengthen post-marketing pharmacovigilance their products

     * You are not using your social network to manage clinical trial subject data; drug, biologic or medical device manufacturing data; or safety data

What are the Regulations that Need to Be Considered?

     The two primary bodies of regulation to watch are:
1. Title 21 CFR Part 11 - Title 21, Part 11 of the Code of Federal Regulations (CFR) which deals with the FDA guidelines on electronic records and electronic signatures
2. HIPAA Title IIHealth Insurance Portability and Accountability Act (HIPAA) protects the ability for workers and their families to gain access to health care when the switch employers or jurisdictions (i.e., when they move). Title II of HIPPA contains something called The Privacy Rule that governs the use and disclosure of Protected Health Information (PHI).

The other area to understand is how to manage Adverse Events which falls under the term Pharmacovigilance.
1. Pharmacovigilance: Generally speaking, pharmacovigilance is the science of collecting, monitoring, researching, assessing and evaluating information from healthcare providers and patients on the adverse effects of medications, biological products, herbalism and traditional medicines

     How to Incorporate These Regulations into Social
The following talking points are meant to address how we can meet regulatory guidelines by implementing technology in very particular ways to mitigate regulatory concerns and still engage stakeholders in a meaningful way.

First, there are two over-riding recommendations when incorporating social media. They are:
1. Separate social networking infrastructure from regulated legacy systems. You do not want to unduly subject your social networking infrastructure to all of the regulations that fall under regulated systems therefore it is absolutely critical to ensure you separate the social networking components of your Health 2.0 infrastructure from your other enterprise systems.
2. House all UGC in a true enterprise data warehouse. By pulling social networking UGC into a enterprise data warehouse and providing your safety monitoring team access to this, you are providing them a new channel to mine and monitor safety information.

With regard to specific regulations, here is how they can be incorporated into social media:

Title 21, Part 11 of the Code of Federal Regulations (CFR) that deals with FDA guidelines on electronic records and signatures. With social engagement, we recommend three key elements:
1. Never Delete: data needs to be Archived or turned “Inactive” not deleted.
2. Use secure, electronic signatures: which relates to only letting authenticated users contribute content (no anonymous contributions).
3. Documentation of Compliance: be able to demonstrate that you have designed, built and tested a system that does the above. This includes documenting requirements, design, test cases and successful completion of those test cases. It also includes demonstration that your configuration management processes ensure that the code you have in production has completed full documentation of the above before going to production.

HIPAA Title II: specifically the Privacy Rule that governs the use and disclosure of Protected Health Information (PHI). We recommend three key elements:
1. Closed Groups – create specific areas that can be closed from general populations (ie.HIV, Diabetes, etc groups). To create even tighter requirements you can apply white list/black list rules to enforce group requirements (even blacklisting insurance domains).
2. Strict Adherence to Profile Information – Do not capture any PHI data fields. Strongly encourage Display Names to not include names or other identifiers (this includes either prohibiting Avatars or only allowing members to pick from a list generic Avatar icons). Finally, encrypt all profile information (and – to assure Part 11 compliance – never delete past profile information.)
3. Moderate all UGC – this is limiting in participation and taxing on resources however there is a mix of moderation and publication that can limit a user’s exposure (through the use of coordinate inputs for instance).
Pharmacovigilance: pertains to patients reporting adverse drug effects. There are a couple of items here including moderation and having a true data warehouse to store your social content and easily mine and manage information and content.

Source: Much of this content was pulled or modified from http://www.exsecutus.com/haughwout/2009/07/health20-ugc-mgmt which is the work of Jim Haughwout.

So now we’ve covered the regulatory side of the issues that pharma faces in social.  So what can they do?  That is what our moderator this week is going to help us figure out.  Moderating this week is Steve Woodruff.  Steve is one of the leading minds in helping to figure out social in regulated industries.  The topic this week and the questions are:

Topic:  Does Pharma REALLY have anything to offer in social networking?

Q1:  I think pharma companies are generally evil and I don’t want to hear from them. Am I right?

Q2:  I have health questions and would really like to hear from these companies. Can they talk?

Q3:  What are pharma companies actually doing in the social space, and is it worth anything?

Join us on Tuesday 9/21 at noon ET for the #socialmedia chat by following #sm78 from your favorite Twitter client or simply follow our LIVE site at www.hashtagsocialmedia.com/live.

Tags: , , , , , , ,
Posted in Privacy, Uncategorized | 2 Comments »

Social Media Data Management – Privacy, Security and Retention

Tuesday, June 15th, 2010

People in general are jumping on social networks at an amazing rate.  They sign up, add a few photos, post some thoughts, invite friends, take a survey, click on a couple of ads pozing as games and before you know it, that individual has a lot of readily available social information they have volunteered.  Knowingly or not, every click that is made tells more and more about the user.  By joining these networks are you giving up your right to that data?  The privacy camps say its your data and you control it.  The social networks are showing (by their actions) that by signing up and using the site for free, you are effectively paying for use of that social network by providing you data to use.  Whether anonymized of not, that data is extremely valuable to the right advertisers.  Those advertisers have proved they will do about anything to get it.

A few examples: Google states that it does not use your data (search, email, now phone) however their recommendations of people to connect with is eerie.  Facebook uses your data to match advertisers up with.  While they may not give it out (or maybe they do http://www.dailyfinance.com/story/company-news/facebook-shared-personal-data-with-advertisers-without-user-cons/19485873/).  Anyone with a Twitter feed can find out quite a bit about a person if they were capturing those streams and feeding them into a database.

Are you “paying” to use social networks with your data?  Our moderator this week is a highly sought after social media professional who is a long time contributor to this group.  Ken Burbary is the lead digital and social media strategist for Ernst & Young and is moderating this week’s session on social media data privacy and what companies are actually doing with the data.  Ken brings a wealth of knowledge and, working with highly regulated companies, he brings a hands on perspecitve of the topic.  The topic this week is:

Topic:  Social Media Data Management – Privacy, Security and Retention

TOPIC QUESTIONS

Q1)  What customer data do companies collect and use from social media platforms and web sites?

Q2)  How are companies securing and protecting social media data that that they collect?

Q3)  What purposes are companies retaining social media data for? How are they using it?

Please join us this Tuesday 6/15 for a lively conversation on the value of personal data to companies.  The event starts at 12 noon eastern and run for one hour.  As always, the first question will be asked at noon and then every 20 minutes.  Follow along by tracking #sm64 from your favorite Twitter client or simply use our event page at www.hashtagsocialmedia.com/live we look forward it!

Tags: , , , , , , ,
Posted in Privacy | Comments Off

Quick & Legal: How to Make Social Media Less Scary for the Legal Dept

Monday, May 24th, 2010

There’s a saying in software development that customers want to get their projects done:

Cheap, Fast and Good.

The typical IT joke is that you can have 2 but not all 3.  I have a feeling that’s where the legal department’s position is with the other departments who are deploying social and have a need to engage with their customers.  Where the CEO ideally wants the response to happen Quickly & Legally.  The joke here is that Legal departments say “Quick” OR ”Legal” but not both.  There have been a couple of big brands on the wrong end of that joke lately and therein lies the importance of incorporating the legal department as a founding partner of your social efforts in the beginning rather than trying to “bolt” them on afterwards.

To be fair, there are a lot of reasons that the Legal department should be a significant partner in your efforts.  This deck from Daliah Saper does a solid job identifying all the reasons that mitigating risk in social is important.  Here are just a few:

  • Privacy Laws – Like HIPPA in medical
  • Negligence – in assuming a duty and not following  through on it
  • Trademark – confusing a consumer about your Brand and it’s use
  • Copyright – using/sharing something that’s not yours
  • Discrimination – especially when used in the hiring process & checking up on current employees

The marketing reality though is that Brands simply don’t control their messaging the same way in which they used to.  Responses to outcries from promoters and detractors alike that are measured in days or worse yet weeks is simply unacceptable today.  Speed is of the essence and customers just want to hear the truth.  That puts legal departments, who are in place today to mitigate risk, in a precarious position.  Where their primary job is reviewing the actions of employees it typically takes longer to get tasks completed.  Much of the time now executives who take the time to run through legal are actually opening themselves and their companies up to increased risk of being perceived as non-responsive and contrived (or not authentic).  The damage from being too slow can sometimes be more than acting quickly and genuinely.

What are companies to do?  Our moderator this week, Lucretia Pruitt, has been working on answering this question as well.  A veteran of the digital space, she has had her share of run-ins with the legal debate and has agreed to help all of us work through this.  Following in our tradition of 3 questions spaced 20 mins apart, Lucretia will lead the chat starting at noon eastern with the following questions:

Topic: Quick & Legal: How to Make Social Media Less Scary for the Legal Dept

Q1: How can big companies advocate for less regulation to reflect realities of social media engagement?

Q2: Should you train legal in SM and what does it look like?

Q3: How do you create SM policies/strategies that legal will accept?

We invite you to join in the conversation to share or learn or both!  Follow along by using #sm61 on your favorite Twitter client or simply follow along on our LIVE page.

Tags: , , , , , , , , ,
Posted in corporate, Privacy, social media | 1 Comment »

Facebook Blowback: What's the Upshot for Social Media?

Tuesday, May 18th, 2010

A hot topic this week that will be the beginning of a series of events around data privacy and social media.  To start it off, it’s helpful to understand the consumer point-of -view and how privacy is perceived and how the major social sites are addressing privacy and data security.

Facebook appears to be the poster child right now for their approach and response to privacy concerns from the industry and from their members.

Your information can’t be made safe on Facebook, but you can make it safer.” says Steven J. Vaughan-Nichols, ITworld

While I could provide my opinion on Facebook, Google’s data privacy mis-hap, etc I think there are enough viewpoints around it to simply pull the best thoughts together as a resource.

Sephoria, from Blogher did a great post on this topic and had this to say:

“….What pisses me off the most are the numbers of people who feel trapped. Not because they don’t have another choice. (Technically, they do.) But because they feel like they don’t. They have invested time, energy and resources into building Facebook what it is. They don’t trust the service, are concerned about it, and are just hoping the problems will go away. It pains me how many people are living like ostriches. If we don’t look, it doesn’t exist, right?? This isn’t good for society. Forcing people into being exposed isn’t good for society. Outing people isn’t good for society, turning people into mini-celebrities isn’t good for society….”

and Jeff Jarvis from his blog, Buzz Machine has this to say:

“They confused sharing with publishing. They conflate the public sphere with the making of a public. That is, when I blog something, I am publishing it to the world for anyone and everyone to see: the more the better, is the assumption. But when I put something on Facebook my assumption had been that I was sharing it just with the public I created and control there. That public is private. Therein lies the confusion.”

Our moderator JD Lasica points out that now the activist organization MoveOn.org is lashing out at Facebook attracting support from its over 5 million members to promote the following:

“Facebook recently made a number of changes to its privacy policy that make your profile information public – even if you thought it wasn’t. Many people aren’t even aware of these changes. So we put together a chart to show you what these changes mean for protecting your information.

If enough people understand what these changes are and how they affect them, we can convince Facebook that this is not how we expect our personal information to be treated. Click the buttons below to share this chart with your friends via email, Facebook, Twitter or LinkedIn.”

To make sense of all this, JD Lasica will be moderating today’s chat on the topic of privacy specifically on Facebook.  We are pleased to have JD as he is one of the founding fathers of social strategy it seems and has been at this well before it was ever referred to as social media.  The topic and questions are below:

TOPIC:  Facebook Blowback: What’s the upshot for social media?

Q1) Has Facebook gone too far with “Open Graph,” infringing on our notions of “private” information?

Q2) What’s the disconnect between the elites and the 425 million users who could care less?

Q3) Marketers are salivating over the troves of FB members’ personal information that has become public. Is this a land mine waiting to go off?

The chat will take place Tuesday 5/18 at noon eastern and you can follow along from any Twitter client by using #sm60 this week or by simply following along at our LIVE page which provides a unique chat experience.

Tags: , , , , , , ,
Posted in Privacy | 1 Comment »