Many pundits have asked as technology has become increasingly capable, whether privacy is dead. Yet, each January you can add your voice to Data Privacy Day, this year on the 26th. Clearly, the voices have become louder as poor industry practices result in our non-public data – including mine – being released.
While I do not claim to know your feelings on this topic, I can state unequivocally that #MyDataMatters and one more thing – that I expect the companies that I trust with my data to protect the information that I share with them or that they collect about me through their analytical systems.
This international holiday is our opportunity to raise awareness of the importance of our personal privacy. We want organizations to improve their enterprise data protection practices. On January 26th, it is important that we as consumers tell the businesses and organizations that we have relationships with, that we expect them to do more than simply put a wall around their business or practice simple identity management. These tools have little value in protecting our data. To protect our data, we need them to do more than build a fortress or add a moat. As Sharon Pitt, CIO at Binghamton University said recently, we need them 'to protect data wherever it pools or flows.'
It is time for them to invest
Let’s face it, protection today can no longer be simply about locking the bad people out when the fact is that they will get in. The question needs to become, what will they find when they get in? Will it be our personal information or instead what appears to be (as my UK friends like to say) rubbish? The answer to this question is the reason that the organizations you work with, need to invest today in better protecting data. But while this may seem kind of obvious, too many businesses say that they cannot build an effective business case here.
What should they invest in?
One CIO put it this way, 'security needs to move from perimeters and applications to the point of data consumption because the entire world is an organization’s perimeter.' In contrast to the past when all data was in one secure place, today’s computing no longer has clear perimeters and as such, CIOs tell me the focus now needs to shift from protecting systems, to protecting data itself. A CIO explained the problem in a way that everyone can understand: 'You know those flight maps in the airline magazines? Those are our data flow maps; we have in our environment data flying all over the place.'
Today protecting our data needs to become the focus of the Data Privacy Day discussion. It needs written policies, user transparency, and data protection – attention needs to be given not just to the pieces, ‘but to the whole enchilada’.
CIOs and CISOs need to refocus their attention to what Michelle Dennedy, Chief Privacy Officer for Cisco and co-author of The Privacy Engineer’s Manifesto, calls 'data-centric and person-centric' protection. Since not everyone should have complete access to data, taking an approach that limits information’s exposure means that the bad guys winning completely becomes impossible.
The opportunity exists now to protect our personal data and eliminate risk. And honestly, in the electronic age, we should pick our relationships with organizations based on whether they take up this mantle or not.
It is time that you ask
Now this request may seem a little unusual, but how your data is protected matters. Ask organizations, are they just putting up a perimeter and saying that is good enough? Are they creating a big data instance to experiment to the side and not protecting your private information? One of the bigger recent hacks in the US had this as the problem.
It is time that we as privacy aware consumers say that our data matters. You can do that simply by tweeting out to #MyDataMatters and #PrivacyAware why you care. Only by voicing that you care, will your relationships invest in protecting your data from the potential of external release.