The perpetual tug-of-war between privacy versus security is anything but settled as consumers, vendors and their business partners wrestle with the question of the free flow of information versus locked-down privacy controls, panelists agreed at SC Congress Chicago Tuesday.
The pressure of making information readily available is at odds with those who must adhere to compliance regulations about privacy, says Jonathan Silbar, chief enterprise architect at Wheels, Inc . He described the transition to the “ability of get beyond locking data behind a protected fortress” as a “major trend” in the security industry. The key, he says, is to not keep data one does not need to keep. That said, Silbar says his firm shares a lot of data with vendors in order to provide the services customers want.
Matt Caston, CIO of 365 Retail, cautioned that the monetization of personally identifiable information, such as credit or health care information, is continuing to proliferate. Data privacy rules and regulations have become the proverbial rat's nest with some laws running 700 pages or more. In order for a company, especially an international organizations, to walk the fine line between meeting domestic and international privacy laws, the company should employ legal specialists each major jurisdiction.
R.R. Donnelley CISO and senior vice president of IT governance Peter Tiemeyer says that every week his firm has auditors in from various customers basically ensuring that its cyber security is up to snuff. He says the audits are helpful by keeping RR Donnelley aware of its customers' expectations. Tiemeyer says consumers' feelings about privacy and security swing like a pendulum. The pendulum swings to greater privacy when things are going well and no major breaches are on the news, but will swing back to greater security with less privacy after a major attack.