The document discusses the relationship between information technology and privacy. It notes that advances in IT have accelerated the free flow of information while reducing individual control over personal data. This tension between privacy and the free flow of data enabled by technology may create new ethical challenges. As privacy issues often fall to IT departments, the document offers recommendations for IT to take a "privacy first" approach, including understanding how data is used and protected, implementing privacy by design, establishing governance and accountability, and viewing privacy as a core corporate value rather than just a compliance issue. The discussion aims to help balance privacy and technology in a positive way.
2. 2
Agenda
● The relationship between information technology and privacy
● How moral debates are affected by IT
● Solutions to ethical privacy challenges for the IT department
● Q&A
5. 5
The times, they are a-changing…
1990 to 2020 - Key Milestones
Database, Email, Mobile, Apps, Datacentre, VM, Cloud
Onion and Castle model is dead
No data inside your castle anymore!
We gave them all of the technology, but none of the skills.
Actually, we’ve been doing this dance since the 80s
Personal computers, Distributed networks
We thought we needed to secure technology by building high walls. There are no threats
to technology, only to the business and that mind set held us back. If you can’t contain
the business behind walls, you can’t contain its data or technology either.
25 years ago paper based files, now cloud based consolidation
6. 6
The premise of today’s discussion
● Recent advances in information technology impact privacy by accentuating the free
flow of information and reducing control over personal data
● Is there an antagonistic relationship between Privacy and Information Technology
● New ethical and legal problems emerge as a result of the IT enabled free flow of
data
● As privacy tends to fall on the shoulders of the IT Department, what can the IT
department do to balance the rise of information technology, while striving towards
bring a “privacy-first” organization?
● How can you protect your customers; privacy in the digital age?
7. 7
A premise was put forward that advances
in information technology impact
privacy by accentuating the free flow of
information and that this reduces control
over personal data.
● Does enabling the free flow of
information through technology
impact privacy?
● What drives the free flow of
information?
● Is there a tug of war between
technology and privacy?
● Have we lost control of our data?
The times they
are a-changing
A question of
scale and
evolution
Privacy is a false
dichotomy
25 years ago,
paper-based files,
now cloud-based
consolidation
Fish to Stick
Stick to Club
Club to Sword
Sword to Gun
Gun to Bomb
Technology is
neutral, great
good and great
harm
This is a
business, issue,
not IT
Companies
struggle with data,
not just privacy
PETS empower
privacy
Data must flow to
new markets & in
new ways
Operations &
hygiene issues
plague big
companies
Privacy
antagonists are
not tech, but data
density & time
8. 8
Is there an antagonistic
relationship between Privacy (Data
Protection) and Information
Technology?
9. 9
By extension, the premise suggests that
IT’s enabling of the free flow of information
has result in in new ethical and legal
problems.
Would you agree and where do you see
these emerge?
Global Business
vs. Local Law
Privacy says NO?
From blocker to
builder
For the first time
in history,
company is bigger
than country
Does it?
Or does it ask for
good data
governance?
From legal
compliance, to IT
Design
Ethics issues are
not from flow of
data, only its
misuse
Cultures differ.
Some see privacy
as a natural right.
Risk is a cost of
doing business
Need to adhere to
fair principles of
processing & “do
unto others” rule
New markets.
New Laws.
Privacy needs to
be a core
corporate value.
Risk can’t be
eliminated, only
moved or
changed.
10. 10
As privacy tends to fall on the shoulders of
the IT department, what can the IT
department do to balance the rise of
information technology, while striving
towards being a “privacy first” organization?
Get control of
your data
Privacy by design Not “vs”... AND
What you have?
Where? Why?
Who owns it?
How protected?
Benefits not costs
A false dichotomy.
A positive sum
experience.
Leadership and
message
Align principles,
policy and
practive
Privacy as a core
value, not a
checklist
Consistent
message. Clear
barriers. Uptake &
consistency.
Accountability.
Transparent, fair,
legal data
minimization,
retention limitation
This is not an IT
issue. It’s a
leadership issue
11. 11
A Step by Step Guide on What to do now?
Understand what you have
Understand why you have it
Understand where it lives and moves
Understand in, out and aggregation
Understand the risk and opportunity
Understand what requirements are upon you
Understand how to develop in the Design Processes
Build a Privacy Program, not a legal compliance project
Establish a “Plan Do Check Act” management cycle
13. 13
Thank You!
See http://www.trustarc.com/insightseries for
the 2023 Privacy Insight Series and past
webinar recordings.
If you would like to learn more about how TrustArc can support
you with compliance, please reach out to sales@trustarc.com for a
free demo.