Ten Things We Know About Privacy.
Principles for using live data, to build a better future.
The internet is continuously enhancing our ability to connect people and objects around the world. We can better understand these connections by visualizing them in different ways. One way of doing this is to organize these connections by location. This enables us to better leverage this big data.
Sourcing intelligence from personal information can be precarious. If done without caution, the privacy of the individuals that create and own this information is jeopardized.
What is Echosec?
Echosec is a new type of search engine. It gathers publicly available, constantly changing data and displays it on a map. Echosec helps other organizations succeed both on the web and in the real world, by changing the way they see information.
What does publicly available mean?
“Publicly available” means that the information is visible to anyone who finds it. For example, a company’s homepage is publicly available; their employee-only documents are not.
This definition applies to social media as well. Most social media posts are visible to the public, allowing anyone to see them. On the other hand, private messages between users, visible only to the sender and receiver, are not publicly available.
When a post is deleted, or the owner changes its visibility to private, it is no longer publicly available. This is true even if the user’s account remains active and open to the public. Similarly, if a user hides their account or makes it private, their posts stop being publicly available.
When a public post is modified, only the modified version of the post is publicly available. There is essentially no difference between editing a post, or deleting and re-creating the post. As discussed above, the deleted post is no longer public. As a result, publicly available data must be accurate. The user has the right to keeping their information accurate and up to date.
Why is this important?
Echosec collects data from numerous sources, including business locations and shipping AIS data. However, much of the data Echosec displays comes from social media.
Social media data is inherently personal. Because of this, Echosec has a steadfast approach to privacy, data storage, and transparency.
Some location-based search engines have large data warehouses that house historical social media data. These search engines have the ability to retrieve many years worth of posts, whether these posts are still publicly available or not. This means they may not respect modifications to posts, instead showing the content of the post when it was originally retrieved.
Echosec performs searches in a similar way to other products. The key differentiator is that Echosec does not store any data from these searches. This is a defining and intentional characteristic of the product.
If a post is removed by a user, it will disappear from Echosec searches as well. If a post is modified by a user, Echosec will retrieve the updated version whenever an Echosec search is performed.
Echosec adheres to the “Right to be Forgotten” principles that are practiced in most developed nations around the world. The Right to be Forgotten means respecting changes made to the public record.
There is an ethical responsibility attached to working with social data. For this reason, Echosec has constructed this document, which describes the company’s approach to issues around privacy, data storage, and transparency.
This document will continue to evolve as new laws are accepted, and outdated policies are removed. By respecting all of these principles, Echosec is able to operate legally and ethically in major jurisdictions worldwide.
With all of this in mind. Here are:
The 10 Things We Know About Privacy
- Get Consent for Collection
- Respect The Right to be Forgotten
- Expect Accuracy
- Encourage Transparency
- Limit Collection
- Require Accountability
- Limit Retention
- Support Individual Access
- Employ Safeguards
- Challenge Compliance
When a user signs up for a social media account, they consent to their information being publicly displayed. It is the responsibility of each social media provider (Facebook, Twitter, Instagram, etc.) to attain this consent at the time of sign up. Most of them acquire this consent with a checkbox and a “terms of service” document.
Data providers get consent from their users, which allows them to display public social media data. When someone signs up for Echosec, they give consent for the collection of their information. This includes sign-in credentials, user credentials, and search boundaries. If anyone is concerned about what information they’re giving a company access to, they should read the terms of service upon signing up.
Users do consent to their information being publicly displayed. They do NOT, however, consent to losing control over their information. Users reserve the right to delete or update their information at any time. Echosec respects the right to be forgotten, as discussed above. This applies to Echosec customers, as well as the individuals whose public information is accessed.
Individuals have a right to ensure that their personal information is accurate. The owner of the data must be allowed to update their personal information and correct inaccurate data about them. Because Echosec does not store data, any changes made by the user will automatically replace the old information.
The collection of personal information should be limited to what is necessary, and should be collected by fair and lawful means. For instance, by asking the user for the necessary information. Echosec only retrieves the information from the data providers that is necessary to perform its searches.
More details can be requested from the privacy officer at Echosec (email@example.com).
Any company accessing an individual’s personal information should be held accountable for that individual’s right to privacy. Without accountability, there’s no motivation to adhere to any of the privacy principles outlined in this list.
Echosec is accountable for any and all personal information it collects. The company’s Chief Privacy Officer ensures the company’s adherence to privacy objectives.
If personal data is no longer required, then it should be discarded securely.
Echosec only retains personal information as long as is needed to perform a search. It is then promptly discarded from its caches in accordance with the terms of service of each data provider. Typically, the information comes and goes from Echosec servers within minutes.
Individuals reserve the right to have access to any information collected about them. If users lose access to their personal information, they’ve effectively lost control over it. This violates the principles of transparency, accuracy, and the right to be forgotten. Upon request, Echosec will inform an individual about any personal information collected about them. Individuals may challenge the accuracy or completeness of that data at any time.
Personal information should be kept safe. The data held by Echosec’s short-term cache is tightly secured against unintended access. All data is kept separate from other customers by advanced federated sharing technology. Access to the servers themselves is secured by asymmetric authentication.
Individuals are allowed (and encouraged) to challenge an organization’s compliance with privacy. If you believe a company is violating any of the above principles when dealing with your personal data, challenge them!
Echosec is compliant with the privacy legislation of British Columbia and Canada. The company has performed a Privacy Impact Assessment (PIA) to demonstrate this. Individuals can challenge Echosec’s compliance by contacting the company’s Chief Privacy Officer at firstname.lastname@example.org.
To wrap up:
Echosec is a powerful tool. The company takes great care in setting the highest standard for privacy and education in the world. The company participates in regular dialogue with the public, including teachers, law enforcement, and privacy regulators across the globe.
More educational materials can be found on the Echosec Blog.
Any individual with concerns about Echosec’s privacy compliance are encouraged to contact the Chief Privacy Officer of Echosec at email@example.com.
For a complete list of our data providers’ privacy policies please contact us at firstname.lastname@example.org.