Some would argue that digital privacy is fast becoming the next frontier in human rights. Indeed there are those who would say we have already missed the boat in this regard.
Business leaders, policy makers, corporations and ultimately each and every person needs to decide if they want their information “out there”. Do we really want everyone in the cyber world to know everything we do, everywhere we go, having access to our personal health information to the most mundane activities of daily living? Without realizing the value of the data jigsaw that makes up our lives we are actually creating our digital persona. When we want to set up a new account we’re asked to login with (for example) our Facebook credentials which is a common option that you are presented with when looking to set up a new account for pretty much any online service today. It’s convenient, great …… but is it too convenient? What it is also doing is “road mapping” us in cyberspace and many of us may not even know it is happening.
As we become a more ‘connected society’ there is without doubt a blurring of the lines of what is good and appropriate when technology is used to collect private information. It is every new app or sign-on looking for the most up-to-date info requesting access location, contacts and calendar or the latest wealth management application, bank account or credit card providers wanting account numbers and passwords. We get drawn in to the simplicity, the sexiness of the design. We want instant access without thinking about the overall consequence of giving our road map to yet another source. And we lose sight of the importance and value of our private information – dare I say we take it for granted?
Yet, securing the privacy of every human being is paramount to realising the full potential of our very future. So, what do we need to do to rebalance out those blurry lines? We need to empower people to be at the centre of gravity of the internet as a way to ensure they will always control their own data. Personal data given, albeit freely, over the Internet or stored in devices connected to the Internet, remains the property of and is solely governed by the individual. The independence and rights of every individual must be uppermost in achieving our ultimate future potential.
Therefore, digital data (in whatever form) obtained by whatever means, without the absolute consent of its unequivocal data owner, should not be used by any “collector” for research, inducement, incentive nor as a bargaining tool without the explicit, revocable and informed permission of the data owner. Being respectful and placing value on every human being’s data is a cornerstone in securing the future viability and should be foremost in securing our digital future. When everything you do digitally connects to your life’s jigsaw in cyberspace the trickle becomes a shower, a downpour, a thunderstorm, a deluge. From small seeds great trees grow!
Ultimately, we are creating a societal shift in which information gathering and sharing is the acceptable norm and turning information into what could be described as paving the streets with gold.
One could argue that this fundamental societal shift in the treatment of private information, mirrors how individuals will treat corporate data. The line on ‘proper treatment/acceptable use’ of corporate information is also getting blurred.
Continuous demands for improved connectivity, more mobile solutions and access to any piece of information anywhere, at any time is the new norm. We demand immediate access to everything. This desire is driving a behavioral disposition to be ‘more connected’, but it threatens how corporations go about protecting their digital assets and other intellectual property. A well-known research organisation recently reported that on average seventy percent of applications used by employees are not sanctioned by their IT departments. Users are implementing their own solutions despite the controls that internal IT may have put in place. The business value may be there, but the protection of corporate assets is now at greater risk than ever before.
We need to be very cognisant of the choices we make regarding the impact of the trade that convenience has with respect to our privacy, as well as knowing what happens to our data. Who will control our digital persona if we give the information away without any thought whatsoever? Once policy decisions have been made around the rights of the data owners then securing the data to those standards becomes important, paramount even, and the onus on making things happen rests with all of us.
With respect to our digital identity, everyone, everywhere has the right to be known and validated by the possession of a government-issued digital identity, which can be securely verified and used only by its owner. But what is the right information that government and business leaders need to provide to navigate this data ocean? Most technologists immediately rush to the pieces surrounding the data; storage, transfer, interaction, visualization, analytics, etc. These are all important, but the harder pieces to tackle are data privacy and data security.
We all recognise and acknowledge that data is the currency of government. Vast amounts of data are being collected, stored and manipulated by every government agency every hour of every day. With the rise of the Internet of Things (IoT) the amount of personal data being collected and shared is exploding. As a consequence this creates issues for government in both the way they manage data and around the public policy they enact to regulate it.
On the public policy side, consider the very public competition between Apple and Google as they navigate the Internet of Things. Apple appears to think that keeping users’ profiles private is the right thing to do i.e. that is what their customers want and are willing to pay for. Google on the other hand appears to think anonymized user profiles are the way to go for their customers.
Does Government have a role to play in how this competition plays out? Should regulators be involved in protecting consumers? Or should government simply let market forces prevail? All of these questions are informed by technologists in their roles as advisors to policy makers. Will we ever solve it because one could argue that for every advisor’s opinion there is another counter opinion?
What Governments need to do is invest in a multi-pronged strategy; invest and recognise that technology solves the business needs of the citizens and the state; invest in data privacy policies that clearly articulate the potential problems and provide flexible solutions for those problems that we know about now and future proof for those yet to be discovered. In other words include all stakeholders so that you can get collaborative buy-in that covers security infrastructure, policies, technologies and the impact people. The GDPR in Europe is an example of how this might work.
Government and business leaders understand that data is the currency of government. Digital privacy is the next frontier of human rights and the investment needed in cyber security is the tax that society will have to pay for the use and convenience of the internet. When we truly understand this, only then can government start to address the complex issues that the IoT brings to our society.
A cause of real concern currently is the lack of security focus on critical infrastructure and items of significant importance that would cause us all serious challenges if anything happened to them. This failure endangers our entire economy, our national security and the continuity of commerce. The technology strategies to keep our data safe will change over time, but keeping the data safe from bad actors associated with organized crime, unfriendly governments and others must always be a priority.
We as technology leaders are seeing an unprecedented amount of information sharing applications, personal cloud storage, analytic tools and collaboration software that users can download and deploy. Technology has certainly improved aspects of our lives, but the digital generation has grown-up in a society where technology provides more convenience first and foremost with data security and privacy being secondary or worse, completely ignored.
We as corporate leaders now need to think outside the box when looking for methods to protect our organisations and to secure our corporate assets. The traditional approach to infrastructure being IT governed, IT provisioned, and IT owned is no longer feasible.
Our company, Sedicii, is at the forefront of helping organisations ethically and confidentially verify information without ever having sight or knowledge of the information being verified. We believe in the right of an individual to own and manage their own data but also completely accept that trust must be established between parties in order that the digital world can work effectively. We will always be respectful and cognisant of the information owners’ right to complete and utter privacy and ownership of their own digital persona.
I’ll end with this, we all must recognize that we need to offer solutions that are easy to work with securely and difficult to use insecurely. That no matter how the data is delivered, it is the data itself that needs to be secure, enabling you as a technology leader to know where it is and how it has been accessed. Always keep in mind that technology will continue to develop very rapidly but let’s not lose sight of the fact that it is there to serve the people and not the other way round.