Ally's Picks - #SecurityChat on #Privacy

Posted by Ally Lorentson Dunn

We recently hosted a Twitter chat with security experts on a handful of hot topics around online privacy. 

One of the questions we asked was, “Who should define expectations for data privacy?”

Dejan Kosutic: Organizations must define which information they consider private through a classification process. Government should set the standards for privacy of individuals through personal data protection legislation.


Michael Santarcangelo: I favor individuals defining their own expectations for privacy. I’ve found most people agree within a basic range; the key is that informed discussion. Allows for consistency.

Robin Wilton: Need to begin by recognising that there are many stakeholders with valid privacy expectations. My personal view: "PII" (personally identifiable information) should be re-defined as "privacy-impacting information". Also, of course, privacy law/regs need to account for the wide differences in privacy culture between societies.

Toby Stevens: @Dejan Kosutic but DP legislation fails time and again. Useless without effective enforcement, and is that possible?

Dejan Kosutic: @Toby Stevens I'm afraid most individuals don't know the consequences of not protecting their privacy.

Michael Santarcangelo: I want individuals/biz to have freedom over their information; means choices. And responsibility, which means we are responsible to make it make sense and help people understand the consequences of different choices.

To read more from our Twitter chat, including the full transcript, visit our Europe Twitter community page.

Who do you think should define data privacy?  Do you agree with the experts or do you have a different take? 

Give us your ideas in the comments!

