2015: The Year of Data Privacy
2015 may be the year of data privacy. While the preceding decade has been a slow crescendo of data privacy issues, we are entering a possible overture.
1 February 2015
Data Privacy Day was celebrated for the 9th year this January 28th. Known as Data Protection Day in Europe, the date comes from the Convention for the Protection of Individuals with regard to Automated Processing of Personal Data, which was opened for signatures at the Council of Europe on that date in 1981. A plethora of organizations, from regulatory authorities to cybersecurity organizations to industry trade groups to businesses across the globe, are getting involved. The goal is to raise awareness among consumers about data privacy issues and encourage businesses to respect privacy in their operations and products.
2015 is shaping up to be the year of privacy, though I can’t imagine it tapering off in subsequent years. While the preceding decade has been a slow crescendo of privacy issues, which peaked with the Snowden revelations in 2013, we are now entering what could be described as the overture. Over the past year, companies have been rushing to fill the void of privacy fear with new products and services. Nowhere was this more apparent than at the International Consumer Electronics Show (CES) in Las Vegas earlier this month. For the first time, CES had an entire section dedicated to personal privacy. Unfortunately, that section was only a fraction of the overall event, with most companies touting their internet-connected devices and potentially giving short shrift to privacy and security. However, they do so at their own peril.
FTC Chairwoman Edith Ramirez addressed the show, encouraging participants to take privacy seriously in the design of their products. In a world where your baby monitor becomes internet accessible, companies risk not only the wrath of regulators, but also that of the buying public. Nothing steers customers away like attention-grabbing headlines of how your product or service was hacked. The FTC has been aggressive in going after companies not only for inadequate security, but also for false claims of privacy. They may not have the robust legal authority of their European counterparts, but that doesn’t mean they are shying away from enforcement at every possible opportunity. The recent settlement with SnapChat is a good case in point. SnapChat’s ostensible raison d'être was that snaps (aka photos) disappeared à la Mission Impossible after a number of seconds, forever erased into the ether. Unfortunately for SnapChat, that was a false promise, and they now get the honor of being under the FTC’s watchful eye for 20 years, something every good company desires, right?
Government agencies seem to be internally at odds with one another. Witness the FBI’s distaste for Apple and others instituting more robust security and encryption in their consumer devices. The common refrain is that law enforcement is going dark, when in reality we live in a “golden age of surveillance,” according to professor Peter Swire. Unfortunately for them, making it easier for the government to gain access makes it easier for criminals too. Ignoring privacy considerations also makes it easier for government officials to use private information for non-law enforcement purposes. With an increasing number of cybercrimes being committed by insiders and not necessarily targeting the traditional cash cow of credit card thievery, robust privacy and security must become the norm in the corporate world.
R. Jason Cronk
R. Jason Cronk is a privacy engineering consultant with Enterprivacy Consulting Group, a boutique privacy consulting firm, where his current focus is on helping companies overcome the socio-technical challenges of privacy through privacy engineering and Privacy by Design. He is a CIPP/US, a Privacy by Design ambassador, a licensed attorney in Florida, an author, blogger, speaker and passionate advocate for understanding privacy.