By William Emmanuel Yu, Ph.D., CISM, CRISC, CISSP, CSSLP
We live in a world where technology is present in everything we do. We have essentially become dependent on this level of pervasive communication technology. However, these same technological capabilities also make it possible to perform unprecedented levels of surveillance. People in the technology sector have always been aware of this power and have capitalized on it. However, in June 2013 things changed. The post-Snowden world has brought increasing awareness to the issue of mass surveillance. More people are now aware of it and more people want action from their governments. This increase in awareness has compelled regulators and governments worldwide to review intelligence agencies, laws and regulations with respect to data privacy.
For liberal countries with no data privacy laws, there will likely be a move to enact data privacy regulation. Countries that already have regulation will start reviewing and strengthening it in most cases. For a while, customers will be more discriminating about where their personal data resides. Decisions will be made on the perceived safety of these service providers. This puts an additional burden on companies that rely on IT to ensure that they continue to provide their services within a more data privacy-aware regulatory and cultural framework.
At the same time, this is also the era of big data, which enables the large-scale collection of customers’ personal and transactional information. Companies are increasingly looking at their data streams as assets; they have invested in technology to keep more of their data longer and are identifying ways to monetize it.
Companies are in no position to predict all possible changes in regulatory action or cultural expectations in the market. However, they need to build their applications to ensure they comply with these regulatory and cultural norms. In my recent Journal article, I recommend that application developers seriously review their applications in the context of existing global privacy regulatory frameworks, which can serve as a template. These general privacy principles can ensure a degree of future proofing for these applications.
We are seeing the collision of capability and responsibility. We now have the capability to keep, process and monetize more private data. This is what technology allows, but at the same time, service providers have a responsibility to customers to protect this information and use it in a fair and proper fashion.