Published
03 December 2007, 06:14 AM
Data protection commissioners from around the world met in Montréal from September 27-29, 2007, for their 29th annual conference titled, “Terra Incognita”. This event, open to non regulatory participants, is particularly interesting for us at the HP Privacy Office as it is an excellent and unique opportunity to meet privacy commissioners in one place, understand the main worldwide trends, exchange views, ideas and concepts. This allows a better understanding of regulatory evolution, improved HP internal policy & practices planning and a more fruitful collaboration between regulators and the industry; with the ultimate objective to ensure efficient personal data protection at minimum business impact. I attended this conference with our HP Chief privacy officer and our APJ privacy officer and would like to share my impressions of this conference.In this conference the commissioners met to discuss successes, issues, and efforts of the previous year in their work to promote data protection principles. This year’s gathering, more than any before, acknowledged the necessity of collaboration among different stakeholders and of addressing the “dragons” populating the Terra Incognita of data protection. This theme, which seems exotic at first glance, was carefully chosen and thoroughly considered to depict the mix of expected and unexpected domains and the new technologies and practices faced by privacy professionals in their daily work in the uncharted territories of data protection.
The six dragons foreseen in the Terra Incognita were identified as the following: 1) Public safety, 2) Law meets technology, 3) Globalization, 4) Ubiquitous computing, 5) The next generation and 6) The body as data. For each of these dragons there were plenary presentations and workshops to try to assess the situation and analyze some existing or potential ways to fight the wild animals. For the program, click here.
Public Safety & Globalization: In a world dominated by the fear of terrorism, this is most likely one of the most difficult and controversial dragons. There is often a belief that the game between privacy and security is a zero sum game where inevitably an extension of security should result in less privacy and more data collected from individuals with or without their consent and knowledge. Some expressed concerns on the real efficiency of the surveillance techniques in regards to their impact upon privacy and freedom.
The presenters scanned a wide range of views reflecting the complexity of the subject, even if all agreed that the basic concepts of privacy and security are both human rights that should be equally considered, respected without trade-off between them. One speaker said that in fact it is an old problem in a new world and we should consider today freedom vs. control instead of privacy vs. security. We should move from the “nothing malicious then nothing to hide” to a time where the “potential of control can be everywhere and invisible.” Which is a paradoxical situation when to hide something, and to keep something private is natural and “just a characteristic of being a human”.
Law meets Technology: This session highlighted the growing trends about the use of technology in a surveillance society, the potential impacts, the extremes to which some nascent technologies may bring us, and how law can keep pace. Currently, some technologies, like RFID or geo-location, are viewed as potentially privacy reducing, but as one speaker said, we have to have a vision of the future and envisage as early as possible the impact of future techniques, like nanotechnologies, which might be even worse.
According to panel members, technology evolution triggers a need to evaluate, and demonstrate in some cases, how well an organization implements privacy and efficiently protects personal data. At present, most companies are relying on privacy policies, workforce trainings, and internal auditing; sometimes also using industry seals like BBBOnline or TRUST-e.
This session also reviewed some attempts to define a standard framework similar to what was done in the quality assurance domain. Such an approach, based on norms and formal certification, can bring ways to compare and ensure some level of compliance, but it may also generate significant complexity, delays and cost which may seriously impact business performance.
Daniel Pradelles, HP EMEA Privacy Officer
Posted By
warren.sander@hp.com
|
2
Comments
|
Trackbacks
|
Permalink
Information disclosed in this community becomes public.
Exercise caution when deciding to disclose your personal information.
HP reserves the right, but is not obligated to, edit or remove your comment if it contains personally identifiable information or other content HP deems unacceptable.
Opinions expressed are your personal opinions or those of the original authors, and not of HP.
Please see HP's web Terms of Use for more details.
