The Social Stuff
5-4. No, that’s not the vote count in a partisan Supreme Court decision or the score of a Major League Baseball Spring Training game.
It’s the number of “Dos” versus “Don’ts” on Google’s recently published blog post on the public implementation of the always-controversial Google Glass.
If you’re a Glass user, you might want to read it so you don’t get attacked…
By now the saga is familiar. After the White House tasked the National Institute of Standards and Technology (NIST) last February with developing a “Cybersecurity Framework” to reduce cybersecurity risks connected with “critical infrastructure,” a year to the day later, NIST released its final Version 1.0 of a “Framework for Improving Critical Infrastructure Cybersecurity” along with a companion “Roadmap” and supporting documents.
The many NIST workshops and weekly conference calls over the last year—full disclosure: I took part in many of NIST’s working group calls—initially resulted in a draft and then a 44-page preliminary framework, released last October and covered by the IAPP here. The preliminary framework spurred significant discussion and controversy during the 45-day public comment period following its release, primarily in connection with the “Privacy Methodology” depicted in Appendix B.
Mobile device tracking is a big deal in the retail world, a very big deal. So big that it can transform the retail industry. Which is why last week I attended the FTC’s Mobile Device Tracking Seminar to learn more.
Here’s the big picture.
In the last few years there has been a dramatic change in the opportunities organizations have to generate value from the data they collect about customers or service users. Customers and users are rapidly becoming collections of “data points” and organizations can learn an awful lot from the analysis of this huge accumulation of data points, also known as “Big Data.”
Organizations are perhaps thrilled, dreaming about new potential applications of digital data but also a bit concerned about hidden risks and unintended consequences. Take, for example, the human rights protections placed on personal data by the EU. Regulators are watching closely, intending to preserve the eight basic privacy principles without compromising the free flow of information.
Some may ask whether it’s even possible to balance the two.
Recently, as I was speaking to a talented group of law students, I was asked the above question. This has also been a related theme underlying some of the recent posts on the IAPP Privacy List. I’m not sure if this list is what those who want to enter the privacy field should cultivate in themselves, what current privacy officers are like or what we should be aiming for as a profession.
To build this list, I searched online for the top 10 traits or characteristics of compliance officers, salespeople, CEOs and managers. In essence, I could stop this blog entry now—that is what we are and should be: compliance officers, salespeople, CEOs, managers and let’s include janitors as well. In fact, let’s look at it that way: What job skills does one need to be an effective privacy officer? If we were to brew the perfect privacy officer, what career fields would we throw into the kettle?
The cloud is going mainstream.
Many organisations are embracing cloud computing enthusiastically as a means to improve business processes while, potentially at least, making substantial cost savings along the way. Others, meanwhile, are proceeding at a more measured pace. Cautious adopters include companies that operate in heavily regulated sectors such as financial services and healthcare, as well as many government agencies and other large organisations with substantial investments in legacy IT systems and processes.
Whatever sector you work in, however, it is time to get to grips with cloud computing and, in particular, the privacy implications of cloud procurement and deployment arrangements.