By Harriet Pearson, VP Security Counsel & Chief Privacy Officer, IBM
OK, so a century is not what most people use as a frame of reference these days, especially not in the technology industry!
But it is fair game for those of us who work at IBM, a company that celebrates its centennial this year and has, for almost as long, been at the forefront of thought and action when it comes to privacy and data protection (and at the forefront of a few others things too, such as groundbreaking technology and business models).
And why should that be relevant to you? Because, despite the very important developments unfolding daily in privacy and data security, the real and lasting approaches to addressing these critical issues will come from long-term attention and focus grounded in historical perspective, deliberate analysis and informed dialogue. We at IBM have operated successfully through a number of technology and business cycles, all over the globe, and we aspire to continue to do so for the next hundred years. We have learned over the years that:
- There are no simple answers. Privacy is not “dead,” so we must not “just get over it.” Fostering transparency of data practices is not enough, because putting the burden solely on individuals to manage their own privacy is not fair or workable. Reactive regulation, especially if it is technologically-specific or overly detailed, risks retarding the innovation and growth that today’s information-intensive industries represent. It’s going to take a variety of efforts, and some leadership in all sectors, to address the challenge of protecting privacy in the current era.
- Meeting privacy expectations starts with appropriate data collection and use policies adopted at multiple levels: individual, societal, industry and organizational. All the IT security precautions in the world will not guard against the inappropriate decision to share personal information. The policies set by our society and institutions should reflect contemporary norms and values and should of course comply with relevant laws.
- Privacy policies are not enough. There must be implementation of those policies, with sufficient accountability and oversight to protect against the consequences of inattention or abuse. The increasingly influential “privacy by design” paradigm is helpful in this regard, helping us all to embed privacy thinking into our organizations, from the start, and by design.
- Technology can play a useful role. Increasingly leaders in the privacy field are looking to creative technologies that can protect or otherwise support the accountable use of personal information. This is very promising, whether it’s to help automate measures (like privacy assessments) that otherwise would be cumbersome and too expensive to do, or to mask or otherwise guard data (like homomorphic encryption or privacy-preserving identity management) while enabling its productive use.
What do you think?
A concluding note: Via this site and in other ways, we aspire to add value to your work and perhaps to inspire you as well with ideas, contacts and linkages you may not have seen elsewhere.
The resources on this site are assembled and updated directly by IBM’s Privacy & Data Protection team, a global team of recognized experts in policy, business practices, law and technology. We hope you will find our materials useful, and we invite your constructive ideas and thoughts.