While the digital landscape continues to evolve, information-security controls are constantly being tested. Generally, an individual’s rights to online privacy are protected by some form of legislation in most countries. As a result, organizations that store and manage an individual’s personal information know they are required to follow a country’s privacy legislation.
However, these rights are being tested. Today, the digital privacy debate is about who gets to own the individual’s online lifestyle patterns.
First, we have regulators who are passing laws aimed at protecting the individual’s rights to privacy. For example, look at the Australian Government’s revised privacy legislation coming into effect in March 2014 and the European Union’s privacy legislation revamp.
Second, we have those looking to monetize the individual’s digital-lifestyle patterns, supported by technologies such as big data. These companies include Google, Microsoft, Amazon and Facebook, all vying for a slice of the $117 billion annual spend on digital advertising.
Third, we have the global ecosystem of security and related agencies, which remain invisible and seem to act with relative impunity. The much-publicized PRISM debate over the U.S. National Security Agency’s covert surveillance is one such example.
From a legal standpoint, the corporation is treated as a person as well. An individual’s right to privacy is similar to a corporation’s right to protect its proprietary knowledge. Corporations that do not handle or store individuals’ information may feel justified in adopting a less rigorous information-security position. After all, governance costs money.
The unauthorized use of either the individual’s private information or your organization’s sensitive information can result in significant damage. From the individual’s perspective, this damage could range from minor financial fraud to total identity theft. For the corporation, the impact of the accidental loss or deliberate theft of proprietary knowledge could vary from the trivial to the ultimate failure of the company. The gradual demise of the once-substantial Nortel at the hands of Chinese hackers is a case in point.