Within the past month we at ESET’s Threat Blog have been hammering away at the gap between user education about privacy, the realistic expectation of privacy in the digital age, and how corporations view individual privacy. Today I read an eye-opening revelation about Accenture’s global Data Privacy Report talking about How Global Organizations Approach the Challenge of Protecting Personal Data. If a picture speaks a thousand words, here’s my take:
I couldn’t say it any better than George does in his ivebeenmugged.com article on this mirthless Greek tragedy called ‘personal data security’:
Effectively, if the organization cares then they’re better all around in security measures. If they don’t… as we’ve discussed previously, there are very few consumer based options.
George offers up that forcing business through regulation would help. I agree, having recently completed a project examining Ireland’s data protection laws. However, stateside companies still fall into the same category and we already have regulation providing
fairly harsh / somewhat harsh possibly harsh penalties.
My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy.
Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible.
One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.
Let me know in the comments. I’ll be asking around my workplace and I’m sure we’ll be using this in the future as the basis for a working group issue for Securing Our eCity as well.
Securing Our eCity Contributing Writer
Author ESET Research, ESET