Privacy: Can’t We All Just Get Along?

Within the past month we at ESET’s Threat Blog have been hammering away at the gap between user education about privacy, the realistic expectation of privacy in the digital age, and how corporations view individual privacy. Today I read an eye-opening revelation about Accenture’s global Data Privacy Report talking about How Global Organizations Approach the Challenge of Protecting Personal Data. If a picture speaks a thousand words, here’s my take:

I couldn’t say it any better than George does in his ivebeenmugged.com article on this mirthless Greek tragedy called ‘personal data security’:

• • Are these business executives serious? I want to talk with the executives at 30% of organizations that believe they don't have an obligation to protect sensitive customer information. …I also want to talk with the 45% of executives were are unsure or disagree to give customers control over what customer data is collected.
  • What twisted logic supports this conclusion by executives? [bold emphasis mine]

Belief in Corporate Redemption?

If there were any redemption for business executives in regards to this survey on privacy it was found within this fifth pillar offered up in Accenture’s report:

• • Organizations that exhibit a “culture of caring” with respect to data privacy and protection are far less likely to experience security breaches. Such organizations tend to view themselves as stewards, not owners, of personal data and take actions to protect data entrusted to them.

Effectively, if the organization cares then they’re better all around in security measures. If they don’t… as we’ve discussed previously, there are very few consumer based options.

George offers up that forcing business through regulation would help. I agree, having recently completed a project examining Ireland’s data protection laws. However, stateside companies still fall into the same category and we already have regulation providing fairly harsh / somewhat harsh possibly harsh penalties.

Opinion: Mixed

My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy.

Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible.

One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.

So… How does your Corporate Culture revolve around privacy?

Let me know in the comments. I’ll be asking around my workplace and I’m sure we’ll be using this in the future as the basis for a working group issue for Securing Our eCity as well.

Securing Our eCity Contributing Writer