EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A framework of purpose and consent for data security and consumer privacy

Aurélie Pols and Oliver Schiffers

Applied Marketing Analytics: The Peer-Reviewed Journal, 2014, vol. 1, issue 1, 66-74

Abstract: Does the old adage of the data warehousing projects from 20 years ago ‘let’s collect it all and see what we’ll do with it later’ still stand today? Or should the modern line of thinking be ‘Big Data is killing the privacy framework’? Surely technological evolution has propelled data collection towards new agile high grounds, where respecting privacy regulation and avoiding the customers’ feelings of violation can no longer be considered as a pipedream. This paper starts by introducing a basic privacy framework, emphasising purpose and consent as areas requiring urgent development. It continues by exploring data minimisation opportunities and related internal procedures to assure that this framework is respected and aligned with global regulation. The paper argues that, in light of increased data collection, the very notion of PII or personally identifi able information is more than a vague concept and that necessary deidentification of data is not as easy as is suggested. Indeed, instead of focusing on the data alone, the conversation should also consider how the data is being used. This begs the question ‘what risk does an individual face if their data is used in a particular way?’ Borrowing from Spanish information security best practices and in light of increasing data breach regulations, the paper examines how data fl ows and merging of data should be defi ned and secured in order to assure accountability through an entire data life cycle. Such life cycles must also include evolving legislative minimal and maximum data retention periods, after which action must be taken, either through anonymisation of collected and used data or through its thorough deletion. Finally, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud-based solutions. Each actor in this data chain has a role to play and responsibility to abide by in order to assure compliance and mitigate risk.

Keywords: privacy by design; data minimisation; PII; de-identification; data life cycles; data anonymisation; data retention periods; cloud based solutions (search for similar items in EconPapers)
JEL-codes: M3 (search for similar items in EconPapers)
Date: 2014
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/1655/download/ (application/pdf)
https://hstalks.com/article/1655/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:ama000:y:2014:v:1:i:1:p:66-74

Access Statistics for this article

More articles in Applied Marketing Analytics: The Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:ama000:y:2014:v:1:i:1:p:66-74