Security and Privacy: Stop Plotting Against Each Other
When I first started working as a grown up, PCs were brand new. I shared one with my office neighbor, mostly for word processing, creating spreadsheets, and creating presentations – which I would then take on a floppy disk to a plotter, a device where clear slides called transparencies were eked out page by page, color by color, as I watched and filed my nails. No kid today would even know this sorcery of which I speak. These devices were not networked, nobody was hacking into them, no “big data” was gleaned from them, and you simply shut your PC off at night to save energy. Nobody had a computer in the form of a phone in their pocket, nobody carried a camera around on a daily basis, and unless you were Agent 99, you had bulky devices that were obvious when in use.
"Privacy cannot exist without proper security measures"
Our personal information, to the extent any was collected at all, was in a filing cabinet with a lock. As a woman, I had concerns about my physical security at times, but never about my data security. If I had concerns about my privacy, it was all on me. I simply shut the curtains and my mouth. Back then, I didn’t really see much of a relationship between my privacy and my security.
Today is an entirely different story. Privacy cannot exist without proper security measures. My personal data, and hence my privacy, cannot be protected without an investment from me, and many others, in securing that data. We often see privacy and security news discussed in tandem in a seamless conversation about data use, protection, and loss.
Individuals often care about cyber-security because they worry that they will be the victims of fraud and theft without it. We can’t even log on to a seemingly innocuous public Wi-Fi network without risking theft of email messages, credit card account information, user names and passwords, etc. Our computer whizzes will need to morph into cyber warriors to protect our personal data and our privacy.
While corporations are well aware that cybersecurity risks also include theft of valuable intellectual property, often that is not what makes the headlines – many remember that the Adobe Systems’ cybersecurity incident involved millions of customer accounts, but few remember that it also included source code.
Security and privacy are inextricably linked when considering much less nefarious and even beneficial uses of personal information, too – from tailored advertisements to better user experiences to societal improvements. Where would I be today without my smart phone? Literally, where? I have no internal compass, I get lost in all the best places, and a navigation system in my pocket is one of the best things that has ever happened to me. Like Veruca Salt from Willy Wonka movie fame, we want our phone apps and we want them now! But we also want mobile security to avoid leaving users' personal information, including passwords, addresses, door codes and location data, vulnerable to hackers.
There are real rewards for everyone in appropriately collecting and securing data, including our new friend “big data.”The U.S. Centers for Disease Control and Prevention (CDC) won an award in 2014 for using big data analytics to combat the remaining pockets of polio around the world. Big data can help with all kinds of health problems, but there’s always the privacy issue to consider. Big data is transforming everything from real estate to education; it simply can’t be stopped. And yet the privacy and data security concerns regarding personal data, including student data, are well known.
So with data use, loss, and theft so inextricably linked to concerns about security and privacy, why do I still hear professionals in these fields discussing the benefits of being siloed and advocating for some kind of tension necessary for “each side” to prosper? There are no sides. There is only one giant mosh pit of privacy and security issues to which we all belong. Sure, you can have security issues that don’t invoke privacy rights, such as a data breach that involves intellectual properly alone. But if you are responsible for managing that type of incident, chances are very high that you’re on the hook for the other kind, too – the kind where social security numbers, credit card data, or health information is lost or stolen. On the product side, you could inadvertently build the equivalent of a bullet-proof glass house that nobody wants to buy – very secure, but not very private.
So why is there still a concern about managing both privacy and security, strategically, together? Privacy and security professionals often have similar goals, such as data protection, availability of quality data for a company’s use, and creating a good customer experience. Why take sides when the walls have already come down? You don’t have to be an expert in both, but why wear blinders to half the equation? Why so much hostility to change that has already occurred and is not slowing down?
Take a tip from Dr. Phil on marital relationships, which applies equally to business relationships: “Stop the ego-driven power struggle. If you put your relationship in a win/lose situation, it will be a lose/lose situation.”Viewing data collection, management and protection as a competition often means there’s a winner and a loser, which is more likely to polarize the extended corporate family of Policy, Public Relations, Marketing, Sales, Legal, etc. and lead to bad decisions. Optimizing both privacy and security, whenever possible, leads to a better solution that is less likely to have unforeseen gaps. And in those instances where one might have to sacrifice for the other (for example, greater impact on an individual’s privacy rights for greater security in criminal cases), at least that decision is made with a unified strategy and policy position. Breaking down silos and avoiding self-induced tension makes for a better solution, based on shared principles and values that come from a relationship built on trust. And there’s nothing new about that concept; it’s been around a lot longer than floppy disks and plotters.