Privacy and data security continue to be a hot-button issue worldwide. For a primer on why these topics are so important, I recommend reading AvePoint Co-Founder and Co-CEO Dr. Tianyi (TJ) Jiang’s recent post on the subject on this blog. It’s an especially prominent topic of debate in the European Union (EU), and I recently blogged about the challenges organizations are facing around the new European Commission Data Protection Directive.
For this post, I have some additional thoughts to add on the directive, which is currently facing delays – though it should be understood that the directive is no less serious. We’re continually talking to customers and organizations throughout the EU about how they will face stricter penalties for non-compliance and be required to proactively demonstrate compliance as well as give notification of breaches when they occur.
The Wait for the New Directive
As discussed in my previous post, new data privacy regulations are already in place for Internet Service Providers (ISPs) and telecommunications businesses, but the full sweeping EU Data Protection regulations have yet to come into force, and once they do they will still need to be enacted in national law.
An update is urgent, as it was 1995 when the last EU Directive was issued, and the technological landscape and the amount of data being created, stored, and shared are vastly different today. Back then, email and the internet were in their infancy, and concepts such as wearable technology, social media, mobile smart phones, and cloud computing were either unknowable or seemingly a distant future.
Now expand that argument across the entire EU, with more than 500 million inhabitants, and add in agendas from business, politics, and even organizations not based in the EU who are interested in the outcome. The main issue with the EU’s single general privacy law is that if we want to achieve consensus, it is difficult to cater to every situation, location, industry, technology, or individual.
Several powerful groups are lobbying. Not just professionals, citizens, or member states, but countries, commissioners, and businesses. They have several concerns, as the tighter the regulation, the greater effect it has on the ability to do business, the less freedom of trade, the less room to manoeuvre in a world which increasingly relies on personal data as a commodity of great value. Companies such as Google and Facebook command huge resources, and certainly have concerns on the impact the directive will have on them, as previously they have hidden behind servers outside of the EU, and have tried to get all challenges heard on US terms – it seems this will not be the case any longer.
A Cohesive Societal Trust Model
Information governance continues to be a topic of greater and greater concern to businesses as regulations, standards, and laws continue to catch up with the new technologies. You can be sure that once the latest batch is released in the EU, technology will have advanced again, with wearable computers and other such developments, and new privacy and security concerns will have to be addressed.
Companies, governments, and citizens are increasingly aware of surveillance and privacy issues. Edward Snowden, Bradley Manning, WikiLeaks, the National Security Agency (NSA), and PRISM are all common and familiar discussion points, not just among industry professionals, but the public at large. We all now have to put our trust in brands with our information. The services we use, the relationships we seek, the treasured memories and media we consume and create, our internet searches, the opinions we blog, our locations, loves, hates and email correspondence are all moving through third-party businesses. As the amount of data increases, and the public interest grows, companies need to invest in privacy and information governance as they create and amass more and more data. We should all work together – not them versus us, but rather them and us – to create an ethical and collaborative approach.
The ultimate goal is to have governments, citizens, businesses, and technologists in open dialogue to create a better tomorrow. Until then, we all have a responsibility to care about our own data and educate businesses to care for and make best use of personal data. To me, the key is to understand that good information governance is not a barrier to doing business, but an enabler. Good and transparent privacy practices engender brand loyalty and customer trust; strong security protects the reputation or trade secrets and enables businesses to go to market with confidence.
To do this, organizations need the tools to know and understand the data they currently have, ensure it is in the right places, its value understood, its assets marked, and then appropriately protected. How many chances do you have to go to work and say that your efforts made a difference in someone’s life? Let’s stop accusing each other of privacy abuses, or trying to “get away” with it, and start to have a conversation – open a dialogue between the technical, policy makers, politicians, users, and citizens. Let’s go back to facilitating trust.
Could it be that to get privacy right, we must all be open?
AvePoint Compliance Guardian offers a real way to make a difference and effectively manage information – for everyone’s sake. To learn more about it, please visit our website today.