Who's Responsible for Protecting Our Privacy?
Print Issue: September 2019
Issues around privacy are an increasingly pressing concern. But what is less clear is who is responsible for protecting citizens. Is it up to our governments? Organizations? Manufacturers? The answer is everyone.
For their part, governments have been drafting policies to help ensure that personal privacy is being protected. While many of us are most familiar with the European Union’s General Data Protection Regulation, it is by no means the only regulation keeping an eye on citizens’ privacy.
North and South America, Asia, and the Pacific have also implemented policies aimed at protecting personal privacy. In fact, Malaysia’s Personal Data Protection Act came into effect in 2013, Brazil’s General Protection Data Law became enforceable in the summer of 2018, and California’s Consumer Privacy Act, which recently passed into law, is set to take effect in 2020.
India’s forthcoming policy may go even further than its predecessors as a result of a ruling by the country’s Supreme Court that found “a right to privacy is part of the fundamental rights to life and liberty enshrined in the constitution.” Based on this ruling, the new policy will likely affirm that “it’s necessary to protect personal data as an essential facet of informational privacy.”
Cybersecurity & Personal Privacy
What these policies have in common is that they provide guidelines that strongly encourage organizations to take privacy protection seriously. They also set minimum requirements on cybersecurity, including principles for data security, proper data handling, and processing, as well as breach reporting. The penalty for noncompliance is a hefty fine.
But avoiding fines is just one reason organizations should comply with these regulations. Another often overlooked reason is that regulations are part of the framework for developing a strong global network that will allow everyone to safely use and share information.
The reality is privacy protection and cybersecurity go hand-in-hand. Protecting individual privacy—by blurring faces in video or anonymizing data—should be as much a part of an organization’s overall security plan as encrypting data or protecting edge devices.
In addition to laying the legal and regulatory groundwork necessary to create safer networks, governments play another important role by restricting the use of technology from vendors or manufacturers that present security concerns.
Moving forward, if these companies don’t want to be left behind, they are going to have to change their business practices, become more transparent, and improve the security of their offerings.
But, as much as governments are doing to safeguard privacy, they cannot keep personal data secure on their own. Organizations also have an important role to play. They cannot rely on governments to determine which vendors are trustworthy.
Transparent Business Practices
As vendors, we need to provide clear guidance to end users and make implementing layers of protection easier. This means making cybersecurity and privacy protection features more accessible and, in some cases, activated by default.
In these instances, end users would not have to choose to activate a feature that would protect their data. The choice would already be made. They could choose to deactivate it, but this would be ill-advised.
It’s a matter of developing good business practices. We need to be transparent and open when we communicate about new functionalities, as well as about vulnerabilities that arise. This helps build a network of trust that keeps people and their data safer around the world.
Laurent Villeneuve is a product marketing manager at Genetec. He manages go-to-market planning and marketing programs to build brand equity and generate sustainable business development.