CSA: Global Data Privacy Harmonization to Drive IoT, Big Data

According to a new survey from the Cloud Security Alliance, there is strong and growing interest in harmonizing global privacy laws towards a universal set of principles.

Between Edward Snowden’s revelations of government surveillance being carried out against citizens in various countries, concerns over the vast stores of personal information that Google, Facebook et al have access to, and the rise of cloud and third-party information handling, data privacy awareness is at an all-time high. Accordingly, the CSA’s Data Protection Heat Index has uncovered a groundswell of support for a range of global themes regarding data sovereignty.

“Data privacy considerations are often overlooked in the development phase of cloud, IoT and big data solutions, and instead are viewed through a maze of complicated regulations and guidance,” said Jim Reavis, CEO of the CSA, in a statement. “These findings highlight the very significant opportunity for global co-operation between CISOs and info-sec professionals, privacy leaders, developers and architects, to build privacy principles into new and emerging solutions.”

When it comes to user consent, a full 73% of respondents indicated that there should be a call for a global consumer bill of rights, and furthermore saw the United Nations as fostering that. This is significant given the harmonization taking place in Europe, with a single EU Data Privacy Directive for 28 member states, as well as with the renewed calls for a US Consumer Bill of Privacy Rights, and cross-border privacy arrangements in Australia and Asia.

Responses also indicated the need for a universal interpretation of the concept of lawful interception, with responses such as, “The right to access data through country-specific laws if the need arises, i.e. data needs to be made available for a cybercrime investigation.”

Many organizations also struggle with issues around data residency and sovereignty. However, there was a common theme of respondents identifying "personal data" and personally identifiable information (PII) as the data that should remain resident in most countries.

The survey also uncovered a keen interest in the Organization for Economic Cooperation and Development (OECD) principles as facilitating the trends of the internet of things (IoT), cloud and big data.

“The OECD privacy principles catalyzed the creation of privacy frameworks and subsequent legislation globally,” said Michele Drgon, CEO for DataProbity, in the report. “The privacy principles provide a common language for these concepts to be built into data privacy legislation. Now, what people care about has evolved: untraceability, unlinkability, minimization, anonymity have become additional key points of focus […] The data quality principle has really become data minimization and data quality, and it is going to be a vital driver for big data and IoT.”

The CSA also concluded that, taken together, participants in the IoT and big data applications and security space have an opportunity if they choose to build in standard privacy safeguards for their solutions.

“If developers and privacy professionals approach building in privacy from the standpoint that they want to do the right thing, they are going to find increased opportunities to innovate and develop solutions in a positive manner,” said Dan Blum, chief security and privacy architect for Respect Network, in the report. “They will relieve themselves of many compliance obligations, reporting and potential legal issues. Respecting privacy is generally good for business.”
