
Information Security & Privacy in a Digital World

CNN published an interesting report today by Peggy Mihelich, "Price of virtual living: Patience, privacy."  It contains many interesting and thought-provoking statistics and other info, many of which impact information security and privacy directly or indirectly.

When was the last time you walked through a public area, such as a grocery store, airport, and so on, and did NOT see someone using or possessing some type of technology device, such as a cell phone, BlackBerry, or digital camera?  How many of these devices on the street contain business information along with the device-user's own assorted types of information?

I found the discussion of the loss of patience associated with technology interesting.

"Time in the virtual world takes us away from time spent in the real world. Though studies are inconclusive and ongoing, some psychologists warn that too much virtual exposure can undercut face-to-face interaction, lead to depression and isolation, and erode our patience. "We don't have the tolerance any more to wait," Rosen said. "Listening to people talk slowly or talk, period -- we just can't tolerate it."  A recent Associated Press poll found that Americans start to feel impatient after 5 minutes on hold on the phone or 15 minutes in line.  Technology has brought us to a world where we have to have it when we want it, and we want to have it all simultaneously."

Well, I've always gotten perturbed if I'm kept on hold for more than 5 minutes (actually less) when calling a company.  This has more to do with good customer service than with technology, however.  I also have never waited more than 10 or 15 minutes in line, such as waiting to be seated in a restaurant.  I don't care how good the food is, I've always felt more than 10 minutes of doing nothing but sitting in an overcrowded bar just to be seated is wasting way too much time I could be spending doing something productive.

However, this loss of patience issue is something to keep in mind when addressing customer questions about their PII, your company's privacy and security practices, and so on.  Be prepared for how you handle these questions ahead of time, and don't give them the run-around.  Remember, everyone tends to be impatient.

The impatience issue is also something to keep in mind when you are creating your information security and privacy training and awareness materials.  Get to your point clearly and succinctly...don't make your audience impatient and lose their attention with a lot of unnecessary information, or by using delivery methods that take up more of their time than is really necessary.

"E-mail lets us send a quick response, and IM lets us carry on a real-time conversation with someone halfway around the world - a great and inexpensive convenience, but a behind-the-screen form of communication."

Email and IM bring with them their own unique and significant information security and privacy concerns...something to explore in another post or paper...

"A Federal Trade Commission survey found that from 1999 to 2003 more than 27 million Americans were victims of identity theft, costing them and businesses more than $50 billion. Personal data used to be protected by "practical obscurity," meaning that public records existed on paper or in isolated databases in courthouses and government offices. The information was legally within reach, but accessing it usually took hours or days and a lot of leg work.  But that's changing, Steinhardt said. Communication, transaction and other public and private records have moved online, and they can be pulled together in minutes to create a picture of our lives.  Typing someone's name into a search engine or online phone directory can reveal where they live. Going to their local government Web site can reveal how much their house is worth - and how much they pay in property taxes. Checking another Web site can reveal how much they contributed to political campaigns."

There are still too many people...too many business executives, leaders and decision-makers...who believe that obscurity is a form of security.  The abundance of electronic PII stored in so many different places puts the PII at risk...and truly does create ways to tell much more about people than just one or a few of the PII items alone could provide.

Technology is great...it is a very powerful business tool.  "With great power comes great responsibility."  Yes, I'm a Spiderman fan.  :)  However, this statement is very true with regard to the power businesses wield over the PII they possess.

Isn't it amazing to consider that just a little over a decade ago emails were primarily shared within organizations, through mainframe-based systems?  Now most businesses would be lost without the ability to communicate with all their business associates and customers via email.  Cellphones have virtually replaced pagers.  It will be very interesting to see what types of technology dependencies will be created for business in the coming few years.  I'm sure most, if not all, will have significant information security and privacy issues.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.