Data Privacy in the Era of Sharing

Posted by Christopher Burgess

Information is meant to be obtained, consumed, and, above all, shared. Yet we sit today in a new era of data privacy and transparency, where consumers want to know how and where their information will be used. It doesn't matter if the information aggregation happened with their direct participation or if it was collected wholesale. As we collaborate, share, and enable, we must ensure we do so responsibly.

Thomas L. Friedman, author of The World Is Flat: A Brief History of the Twenty-first Century, agrees that we are in the midst of an era of data privacy with the use of crowdsourcing and openness to draw consumers, users, businesses, and governments into the same circle of influence. As we continue to share our experiences and collaborate on our ideas, data privacy still matters.

Friedman states, "by 'flat' I did not mean that the world is getting equal. I said that more people in more places can now compete, connect, and collaborate with equal power and equal tools than ever before. That's why an Indian in Bangalore can take care of the office work of American doctors or read the X-rays of German hospitals."

And as we interconnect, we find that the information from our companies, partners, and clients/customers may require similar, yet different security and privacy protocols.

Global Connections Data Privacy

It's no surprise to learn that the United States has a more lax perspective on privacy than the European Union (EU), and those in Russia and China have even fewer expectations of privacy. Cultural norms, as well as political realities, drive expectations. What decisions can a company wishing to enter the international marketplace make to ensure it is compliant both with the laws and regulations of its host country and with the customer's or client's data privacy provisions?

For those companies looking to the EU, the privacy discussion is reaching a fever pitch. Some European countries have recently discussed forming the equivalent of the Schengen Cloud, a private, European-only network in which companies outside of the EU would not be able to engage. Clearly, the evolution of the Schengen Cloud would have both political and economic impact. The European network's isolation is a response to Edward Snowden's revelations regarding the US government's intelligence collection efforts. All the more noteworthy, Germany recently declined to renew a contract with a US service provider out of fear that the company might turn over its communications to the US government.

While it is clear that governments, including those with broad alliances such as the EU, have the capability to engage as equals with both large corporations and governments in terms of data privacy protections, what of the small or medium businesses? As a small business that contracts services from a myriad of providers, how is that business to know how its information is shared?

The first step is to ask the service provider under what circumstances and to what degree information may be revealed to law enforcement. Any entity that accepts personal identifying information should be able to articulate how it will address a lawful request for that same data, regardless of locale. Similarly, the consumer should be able to review the information on how their data is shared internally and with third parties, including vendors, aggregators, and advertisers. For the uninitiated, the two documents that should provide clues are the Terms of Service (TOS) and the Privacy Statement.

Reviewing the content of these two documents will provide a great deal of illumination. While the privacy statements may be long and arduous to read, simply searching for the word "share" within the documents will quickly reveal how the data is shared. Alternative search words include "used" and "sold." With this knowledge in hand, the trade-off is revealed, and an educated decision can be made with respect to data privacy.

Christopher Burgess, Prevendra Inc.



Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
