Bruno Wildhaber started his career in industrial electronics over twenty years ago and became a shareholder and manager in one of the first IT security enterprises in Switzerland. Since the successful sale of this business to Entrust he has participated as an expert in the establishment of the German Signature Law, and is a member of the expert group for "IT and the Law" of SWICO (the Association of the Swiss IT Industry). From 1995-1999 he was President of the Swiss Chapter of ISACA. He is a founder of the Competence Centre for Records Management. He has published several books on information security, IT-Governance and a practice guide for records management. Here's a link for Bruno.
8 reasons why privacy will be an increasingly important compliance concern
1 -- Horizontal information access means that personal and organizational profiling is here.
For many years, the best protection of your personal data was the inability of IT shops to deliver value -- because the tools were not there to dig through all the data and deliver useful information, the risk to privacy was mitigated! Today, not only IT professionals but just about anyone with access to a search engine is capable of interconnecting internal and external data sources. This allows ubiquitous access to information, exceeding the wildest dreams of the creators of the original data. This means that private and government bodies can build comprehensive personal profiles of people and organizations.
2 -- Googlization challenges privacy.
Yes, everything stored on the Internet remains there forever. Old and outdated information -- whether true or not -- can have a long and lasting impact on you. The more efficient and effective data retrieval becomes, the more transparent your life becomes to almost everyone using the Internet. The fundamentals of privacy state that you are the master of your data and have the full right to do with it what you want (i.e., “right to self-determination”). How will this fundamental privacy assumption be upheld as information access continues to grow and become more and more effective?
3 -- Privacy is not only about individuals.
Privacy is not only about your personal feelings but also about how private organizations and governments treat personal and organizational information. Poor control over access to information can have fundamental implications not only for individual privacy, but also for how corporate assets are valued in the marketplace.
4 -- User awareness grows - but will it help?
Our kids are already mature Web 2.0 users. Educated kids don’t (usually!) post information that might be a potential threat to their privacy. How does this apply to corporate information? In general, the authenticity of information and the trustworthiness of the sources of that information will be of increased importance. How organizations verify this trustworthiness will be an increasing challenge.
5 -- Sophisticated information security gains importance: watermarking and monitoring.
There is no privacy without information security. One of the fundamental misconceptions of many of the approaches to privacy legislation and regulation is the idea that it will be possible to prevent data from being created and stored. We all know that this is an illusion. But we need to be able to find out whether data about us has been stored. The keyword is monitoring. As tools to search and retrieve data become more and more powerful, data compromising your privacy can be found much more easily. So watermarking your personal data in some way will become key. In general, most current security management systems lack a proper balance of prevention, detection, and correction. Most systems rely on prevention, a strategy which has not worked and continues to cost us millions.
6 -- International co-operation against privacy crime is a MUST.
Monitoring and tracking down the bad guys is nice, but we also need an international code of criminal procedure that allows violators to be punished across borders. As long as servers with illegal data can be placed anywhere in the world, law enforcement must be strengthened on an international level. Law enforcement must be allowed to drive active attacks against machines distributing illegal data. This is not only about privacy but cybercrime in general (identity theft is also a violation of privacy).
7 -- It is about companies, too!
During the last two years, awareness has risen that with new players like Google or Facebook, data privacy is an important concept to protect individuals not only from excessive data usage by government but also by private organizations.
8 -- Anti-trust regulation will impact privacy initiatives.
There is a relationship between the increasing number of Google anti-trust challenges -- especially in Europe -- and how privacy regulations and legislation will develop. As Google's ability to gather information accelerates, the company would be wise to apply its "don't be evil" mindset to get ahead of privacy legislation, rather than wait for mandates to be thrust upon it.