Mathew Ingram wrote an interesting piece on Gigaom entitled Privacy is Hard Because People Change Their Minds. 

From the article:

“Why is privacy so hard? Sociologist Danah Boyd, who specializes in the way people use social networks, says in the latest issue of MIT’s Technology Review magazine that it’s because “the way privacy is encoded into software doesn’t match the way we handle it in real life.””

The article talks about “civil inattention”, which is roughly the personal equivalent of “practical obscurity“.   It means that when we are having a conversation in a public place, “people will politely ignore us, and even if they listen they won’t join in, because doing so violates social norms.”

The article goes on to say:

In other words, we all view privacy differently based on the situation we’re in, the other people around us and our relationships with them, our goals and desires within that particular situation, and so on. These things combine to create a complex web of competing pressures and incentives related to whether we keep something private or not: a web so complex that it makes a mockery of the various tools that most services such as Facebook use to help you manage your privacy.

Thus one of the reasons privacy is so complex is that it combines technical, business, cultural, educational, and behavioral issues.

As another illustration of complexity – and how privacy is about personal viewpoints and choice - take a look at this NY Times article entitled Technology Aside, Most People Still Decline to Be Located.  Location based services are all the rage now - such as Foursquare, and the recent Facebook controversy.  It talks about how many people are reluctant to share where they are – even if they are willing to share other information.

For the London Free Press – August 30, 2010

Read this on Canoe

The open data movement – the concept that certain data should be made available to everyone to use without restriction- is growing steadily in popularity.

An example of open data use is the eatsure.ca London restaurant inspection score site using data from the health unit. Another is the Next Stop mobile app that shows the actual location of London transit buses using data from London Transit.

The concept applies mainly to data held by government and public corporations. They have information from which the public can benefit and it allows individuals to use and present that data in ways that the owner of the data may not have the time or inclination to do.

It is similar to the concept of transparency, which upholds that government and business should be accountable to their stakeholders.

While the concept of transparency and open data are laudable, all types of information should not be freely available.

Privacy obligations prohibit personal information from being disclosed. And there are other things that, for various reasons, ought to be confidential.

Some information needs to be kept confidential for competitive reasons, and to facilitate frank and open internal discussion on various matters.

For example, negotiations or bids for a contract could get derailed if the details were disclosed.

Open data means we can’t rely on practical obscurity to filter things that are theoretically public, but in practice are quasi-private because it is not easy to access. Court files and property assessment information, for instance, are public, but it takes time and effort to get to them, thus in practice, limiting access somewhat. Attempts to put them online have resulted in privacy and security concerns.

Open data does not apply to information about individuals. The decision to reveal personal information is, for the most part, the decision of that individual.

Except where freedom of information legislation requires disclosure, individuals and organizations still are at liberty to make their own decisions about what information to disclose.

Open data is a good concept, and will result in information being used in new and useful ways.

The concept, however, is a movement, not an obligation. Those opening up data need to think about what information ought to be disclosed, and what limits are needed to protect personal, confidential and sensitive information.

Public transit locations, restaurant inspection data, and information about the status of public facilities are easy to justify making open. Each type of data needs some critical thought to ensure opening it is appropriate and does not violate legal or contractual obligations.

David Fraser points out that the year Facebook said it needed to address privacy issues raised by the Canadian Privacy Commissioner is over, and there is speculation that the Commissioner may not be satisfied.

It will indeed be interesting to see how this shakes out.

Frankly, the things that Facebook does from time to time suggests that Facebook / Zuckerberg either doesn’t understand or doesn’t care about privacy. 

Privacy issues can be complex and controversial – but the basic concepts of personal choice, transparency as to what is being done with one’s info and how to control that in a simple manner, and opt-in to new privacy sensitive features – should be easy to get.

For the London Free Press – August 23, 2010

Read this on Canoe

Best Buy employee nearly fired for online video poking fun at iPhone consumers

The amusing (though sprinkled with colourful language) iPhone 4 vs. HTC EVO video on YouTube almost cost the creator — a Best Buy employee — his job.

The video portrays an electronics store employee trying to convince a person wanting an iPhone 4 to buy an HTC EVO 4G instead. The video has had about seven million views.

The video was made by Brian Maupin, a 25-year-old from Kansas City, Mo. For the past 3 1/2 years he worked at Best Buy selling mobile phones, something he may decide never to do again. This comes after he was suspended from work and faced threats of being fired.

Maupin explained Best Buy “felt it disparaged a brand they carried (iPhone/Apple) as well as the store itself and were fearful of stockholders and customers being turned off to Best Buy Mobile.”

But if you watch the video, you will see there isn’t any mention of Best Buy at all. The cartoon employee identifies the store as “Phone Mart.” The characters are not wearing anything that resembles the Best Buy uniform and are standing in an outdoor field with a pink tree.

Best Buy recently announced they will not fire Maupin.

“We have completed our investigation into the videos created and posted by Brian Maupin, the aspiring film-maker and Best Buy employee. This is an important situation for us because it involved balancing our social media guidelines with a commitment to creating a supportive environment for our employees. It’s important to note that our investigation involved three videos that were posted in late June because they were openly disparaging of our employees, our customers and our vendor partners. . . . Contrary to rumours, Brian has not been fired, and is scheduled to return to his job.”

But Maupin has chosen to take a leave of absence and is thinking about kick starting his graphic design career.

“I’m not planning on returning to work — immediately, anyway. Honestly, I don’t know how I could return considering some of the things that were said to me and not have a lot of awkwardness on the job. I’m looking at possible jobs in graphic art — nothing definite yet, but I’m searching.”

Maupin has taken a stab at the situation in his most recent video, “TweetFired”.

In TweetFired, a pants salesman at fictitious “Stacks o’ Slacks” gets a stern talking to by his boss because of the tweets he posts on his Twitter account — tweets that have absolutely nothing to do with his job. His boss has apparently been stalking him on social media, and accuses him of “painting a very negative picture of working here in 140 characters or less.”

Internet tools and social media increasingly blur how one’s personal and work life overlap. Employers struggle with the extent to which they may be prejudiced by those actions, whether they should just ignore it, and what legal rights they have over actions employees consider personal.

An article in the Out-Law News entitled Customer data most popular stolen item for departing workers, claims industry survey refers to a survey that found a significant % of workers would take electronic and customer information with them when they leave a job.   The figures should perhaps be taken with a bit of skepticism, as the company doing the survey offers tools to monitor and control employee access.

Nonetheless, it is important to recognize that a significant number of privacy breaches, and leaking of confidential information, are internal – whether that be from a system issue, human error, or an intentional action. 

We can’t just focus on preventing external access.

That’s the title of my Slaw post for today.   It reads as follows.

Following my customer service post last week, I had an experience on the weekend where store clerks were so intrusive that it was annoying.  So much so that it makes me wonder if I want to go back to that store again.  It’s a reminder that while we need to be attentive to customer / client needs, it’s possible to cross the line from good service to annoying and creepy.  And it’s possible to try too hard to sell our services.

I went into a new store, and was immediately asked by a greeter if they could direct me to something.  He sent me in the right direction, where I was met by a sales clerk.  The sales clerk helped me decide between some options (a wireless N router in case you are wondering).  Once I had it in my hand, he asked if there was anything else he could help me with.  I said no – thanked him for his help – and that I might just look at a couple other boxes on the shelf to satisfy myself that I made the right choice.

So far, so good – but that’s when it fell off the rails.  

He started to try to sell me an anti-virus product, but continued even after I said I was happy with my current anti-virus product.   He told me he had to stay with me and walk me to the cash register.  I asked if he was on commission (thinking he wanted to make sure he got credit for the sale)  - he said no.  I asked why he had to do that – he said he didn’t know – it was a management rule.    Frankly, it felt like I was being stalked or mistrusted.  (I briefly considered wasting his time on a tour of the store to see how long he would stick with me – but I didn’t have time for that myself.)

So he indeed walked with me right to the cashier and stood there until I paid and walked out the door.

And to continue the irritation, the cashier asked for my name and address.  I asked why – he said if I lost my receipt and had to return it, they would have a record of the purchase.  I wasn’t satisfied with that answer, and saw no advantage to being in their database, so I politely declined.  While he didn’t say anything, that of course flustered and miffed the cashier.

So give our clients the attention they deserve, and make efforts to sell our services where appropriate to clients and potential clients – but don’t cross the line into pester and peeve territory.

For the London Free Press – August 16, 2010

Read this on Canoe

[UPDATE: Also take a look at this related Techdirt post entitled The Insanity Of Music Licensing: In One Single Graphic ]

Radio royalties are complex.

On July 9, 2010, the Copyright Board of Canada issued its long-awaited Commercial Radio tariff and reasons. It dealt with payments radio stations must pay to copyright collectives to obtain rights to play music.

The rights to use most music flows through copyright collectives that collect royalties from broadcasters and other users, so they don’t have to deal with rights holders individually. The collectives in turn pay the royalties to the rights holders.

Even with the collectives taking the place of rights holders, the various copyright payments broadcasters must pay for music are complex. Radio stations must pay for six different rights.

The board stated:

A Canadian radio station that broadcasts recorded music off a server reproduces and communicates musical works, performers’ performances and sound recordings. Four copyrights and two remuneration rights must be accounted for.

The board estimates that commercial radio stations will pay a total of $85 million annually in royalties under the new rates, an increase of $13 million over previous rates.

Of the $85 million in royalties, the board estimates $51 million will go to SOCAN, $13 million to Re:Sound, $11 million to CSI, $10 million to AVLA/SOPROQ and $200,000 to ArtistI.

SOCAN administers the exclusive right of the owner of the copyright in a musical work to communicate it to the public by telecommunication for most composers, authors, and publishers.

The second and third rights are the remuneration rights that performers and record companies enjoy when a recording of a musical work is communicated to the public by telecommunication. Re:Sound administers these rights for most eligible performers and makers.

The fourth set of rights is the exclusive right to reproduce a musical work. CSI, SODRAC and CMRRA administer these rights.

The fifth set of rights is the exclusive right to reproduce a sound recording. AVLA and SOPROQ act for most record producers, record companies and artists.

The sixth set of rights is the exclusive right in a performer’s performance to reproduce the performance for a purpose other than the purpose for which authorization was given. ArtistI, ACTRA PRS, AFM Canada Artisl, and others administer this right.

The estimated $85 million in royalties payable by radio broadcasters does not include instances where collectives have not filed tariffs. As a result, the $85 million estimate may be understating the monies payable by radio broadcasters.

The Commercial Radio tariff is a consolidation of several proposed tariffs filed in 2007 and 2008. If the board’s decision ends up being judicially reviewed by the Federal Court of Appeal, a final decision will likely be over a year away.

There is a growing trend for places like restaurants and retail stores to provide free wifi access for customers.  Its easy to set up – just plug a wifi router in to your internet modem, right?  Not quite.  It is important to set it up and maintain it so it is properly protected by a firewall, and is not connected to your internal systems.  You don’t want customers or internet malfeasors to be able to get access to, or compromise your internal systems and the information it contains – such as customer credit card information.

Storefrontbacktalk has a good article that details the risks, and what steps to take to avoid it.

That’s the title of my Slaw post for today.  It reads as follows:

Customer service is something that many different types of service providers talk about.  But it often fails in execution.  While many customer service concepts should be obvious, it is often not done well.  Sometimes its not easy when you are the one providing the service to see things from the customer / client’s perspective. 

How many of us, for example, get frustrated at a repair service that says they will arrive at your house sometime on Tuesday.

Or when someone promises to show up at 2:00, and its now 2:30, and you have heard nothing.

Or going for a doctor’s appointment at 9:00, but not getting to see him/her until 9:45.  Then leaving the appointment feeling that the doctor has rushed you through and not really listened.

So at the risk of stating the obvious, here’s some things to think about when we deliver legal services.

Set realistic times for meetings and delivery dates.  Better to under promise and over deliver than be late or over a cost estimate.  And if for some reason you are going to be late for a meeting or a delivery date, contact the client ahead of time and explain. (Just don’t make a habit of it.)

When promising delivery dates and setting fees, remember that we tend to overestimate the time it will take to do things we don’t like / want to do, and underestimate the time it will take to do things we like / want to do.

Make sure you listen to and understand the client’s concerns.  It may be routine to us, but new to them.

Make the service and documentation fit the need.  Simple is better in most cases. Don’t provide a complex solution or lengthy documentation for matters that don’t require it.

For the London Free Press – August 9, 2010

Read this on Canoe

Case involves actions undertaken by insurer State Farm on behalf of a client

The Federal Court of Canada recently released an important decision on the parameters of “commercial activity” under the Personal Information Protection and Electronic Documents Act (PIPEDA): State Farm v Privacy Commissioner.

The act is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial business.

The act defines commercial activity as “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.”

In State Farm v Privacy Commissioner, the State Farm Mutual Automobile Insurance Co. questioned the privacy commissioner’s jurisdiction to investigate a refusal to provide access to personal information and her power to compel the production of documents during the course of an investigation.

Specifically, it dealt with a situation where State Farm retained a private investigator on behalf of an insured person who had been sued by a motor-vehicle accident plaintiff. The private investigator conducted video surveillance on the plaintiff. The plaintiff sought access to the surveillance footage under the act.

The court concluded it would not be commercial activity for a defendant, herself, to collect evidence for the defence of a tort claim. There is no “commercial character” associated with that particular activity. The court then concluded that, because the primary characterization of the activity is not commercial, using a third party (such as an insurer, a law firm or a private investigator) to carry it out does not render it commercial.

“I conclude that, on a proper construction of PIPEDA, if the primary activity or conduct at hand – in this case the collection of evidence on a plaintiff by an individual defendant in order to mount a defence to a civil tort action — is not a commercial activity contemplated by PIPEDA, then that activity or conduct remains exempt from PIPEDA even if third parties are retained by an individual to carry out that activity or conduct on his or her behalf. The primary characterization of the activity or conduct in issue is the dominant factor in assessing the commercial character of that activity or conduct under PIPEDA, not the incidental relationship between the one who seeks to carry out the activity or conduct and third parties.”

In this case, the insurer-insured and attorney-client relationships are simply incidental to the primary non-commercial activity or conduct at issue, namely the collection of evidence by the defendant . . . in order to defend herself in the civil tort action brought against her.

In other words, the decision essentially says that if the act does not apply to something that X does, the fact that X hires someone else to do it (which is a commercial activity) does not turn that something into commercial activity for X, and thus does not make it subject to the Personal Information Protection and Electronic Documents Act.