
Security and Privacy Pros Believe...Yes! Privacy Still Does...Or At Least Can...Still Exist!

Last Friday I had the pleasure of discussing the question "Do We Have Privacy Anymore?" with a group of highly regarded information security and privacy pros, including:

* Michael Santarcangelo, moderator and "expert on changing the way people protect information"

* Andrew Hay, Manager of Integration Services @ Q1 Labs, blogger and author of OSSEC Host-based Intrusion Detection

* Dr. Anton Chuvakin, Chief Logger and Blogger at LogLogic

* Martin McKeay, affectionately called Cpt. Privacy

* Dan York, Producer and Co-Host, Blue Box: The VoIP Security Podcast

We talked for an hour, but it seemed as though we had only talked for a few minutes; time flew by much too quickly! There were so many issues to discuss... privacy is a very broad area.

One point I think is important to make is that privacy is affected (lost or preserved) in basically two ways:

1) By the actions each of us take with OUR OWN personally identifiable information (PII).

People need to be more aware of how they put their own PII at risk: by posting embarrassing photos to their social networking sites and assuming that others will not copy them, by posting addresses and phone numbers, by announcing their whereabouts on certain dates at certain times, and so on. People need to think more about how they handle their PII and what they tell others.

and

2) By the actions OTHERS take with our PII.

Organizations MUST BE HELD RESPONSIBLE for providing strong safeguards for the PII with which their business partners, customers and employees have entrusted them. The largest reported breaches, and by far the largest number of privacy breaches overall, occur because organizations had inadequate or no safeguards or controls in place.

During the roundtable I took a couple of pages of notes on thoughts and ideas that we did not get around to covering in depth, because the great conversation we had filled our hour. Ideas about...

* How privacy has evolved throughout history, and how evolving technologies in the past decade have changed both of the actions described above in many significant ways.

* How referring to certain U.S. federal laws, such as HIPAA and GLBA, as "privacy laws," when they are actually data handling laws, confuses the concept of privacy further.

* The risks of perpetuating incorrect PII within multiple databases.

* So many other issues...

I believe that at its core privacy is the concept, and the reality, of being able to maintain control over your private life and the information associated with it: keeping others from invading it without your permission, and obligating those you entrust pieces of it to (businesses, employers, government and so on) not to break that trust, and not to violate or eradicate your control over it.

Listen to the podcast and let me know your thoughts!


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.