Establishing new norms for data privacy

Opinion by Yves Le Roux

In the modern world, data is collected on who we are, who we know, where we are, where we have been and where we plan to go.

This trend is increasing and there is no end in sight. Analysing this data gives enterprises the ability to understand and predict where humans focus their attention and activity at the individual, group and global levels.

As some will say, personal data is the new 'oil', a valuable resource of the 21st century. It will emerge as a new asset class touching all aspects of society.

High-profile data breaches and missteps involving personal data seem to be reported by the media each day. Tension has arisen between individuals (who feel powerless over this data grab) and businesses (that rely on our data to market to us).

A Hogan Lovells whitepaper said: “Every single country that we examined vests authority in the government to require a cloud service provider to disclose customer data in certain situations, and in most instances this authority enables the government to access data physically stored outside the country's borders, provided there is some jurisdictional hook.”

Another factor in this debate is what some consider 'cyber war' between countries. When introducing the Cyber Intelligence and Sharing Protection Act (CISPA) in February, US House Intelligence Committee chairman Mike Rogers declared: “American businesses are under siege. We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats.”

Of course, the more individuals believe we are 'at war' and buy into nationalistic rhetoric, the more willing we are to give up privacy, freedoms and control over how the internet is run.

I recognise an increasing momentum to establish new norms to guide how personal data can be used to create value. For example, the Organisation for Economic Cooperation and Development (OECD) and its member governments have been discussing how to refresh their principles for our hyper-connected world.

Other groups, such as the Centre for Information Policy Leadership, have been focusing on accountability: 'Who has data about you? Where is the data about you located?' In addition, different business sector associations/consortia and regional authorities have been considering how these principles apply to their particular applications.

The Global System for Mobile Communications Association (GSMA) has developed principles for mobile privacy, and the Digital Advertising Alliance has developed principles for the use of data in online behavioural advertising.

The proposed European Commission Data Protection Regulation, which is currently under discussion by the European Council and Parliament, is the most comprehensive attempt to establish new norms for the flow of personal data.

The Asia-Pacific Economic Cooperation forum is establishing a cross-border privacy-rules system to harmonise approaches throughout the region.

In short, there are bodies exploring these issues.

That is a good thing, considering that we are at an important juncture regarding this topic and the decisions we make today will have serious implications long into the future.

Yves Le Roux is a member of the ISACA Guidance and Practices Committee and the ISACA Privacy Task Force and principal consultant at CA Technologies - France

