Comments

• • Derek Risling@derekri6

  

  Derek Risling May 24, 2015 - 11:39am

  So, this topic mirrors a conversation I was part of earlier this week at work. I’m part of our department’s Strategy and Compliance function - My focus is the ‘strategy’ component, and I have direct colleagues who work with ‘compliance’ including risk management. We often find ourselves at odds, when I’d like to push the boundaries a bit, and they are (rightly) more comfortable with known tools and approaches.

   

  My assertion was that our discussions around privacy and information security these days, is that they have become a little shallow. Rather than explore issues of privacy concerns, assess value and risk associated with our data, etc., our group tends to “play the data security card” as a means to shut down discussions around innovation. The argument being: having corporate data outside of our own directly control is risky - especially where the US Patriot Act is in effect. I’m sympathetic to the viewpoint - and I absolutely agree that there is risk present. However, recently this has transitioned from ‘valid concern, which should be critically assessed’ to:

   

   

   

  What I find missing from the equation is the potential value which may (or may not) offset the risk. The spectre of potential privacy risk completely overrides any discussion of potential value to be had. Since not all data has equal value, and not all risk is equally great, this is a discussion which must be continually had. Further, it’s a discussion that must continue every time new information becomes available. I’m not advocating blindly sharing data (corporate or personal), but I do suggest that risks must be weighed against the value to be derived from use of a service. This is a complex issue - one for which the true ramifications likely won’t be known for years to come - and for which no reductionist, single argument can fully encompass.

   

  
• • Jon Dron@jond

  

  Jon Dron May 24, 2015 - 12:35pm

  Excellent points!

  Sometimes, having an avenue closed by legislation can spark inventiveness and lead to new opportunities. In some ways I am quite glad that (for instance) we are excluded from hosting with Google, Microsoft or Amazon, because it opens up a bit of the field for companies within national borders, which is good for diversity and so for innovation.

  It can be a bit odd though. For instance, I administer a site in Australia that is made for schoolkids (yes, we do need to think of them!) which has to be hosted there thanks to Oz privacy laws, but, of course, the packets passing back and forth across the Pacific as I administer the site are likely going via the US and winding up here on my machine in Canada. I am, naturally, using an encrypted connection for this but it does seem a bit strange that (say) I could not simply encrypt the data on the disk itself and host it in the US.

• • Kamar Wilks@kamarwi

  

  Kamar Wilks May 25, 2015 - 2:25pm

  I find it amusing how much people get upset when their information is leaked after they made it readily available. Not all information requested has to be provided and the ones you do provide you can by coy about them. I am not saying this to condone the illegal phishing of data nor the US blatant disregard to need of asking before collecting.

  My humble opinion is that fear has been constantly used as the driving force behind the need for law agencies to collect data. “If you don’t have anything to hide then you shouldn’t mind”, I am not sure why someone would say something like this knowing that one of the most treasured thing to someone is his/her privacy.

  The fact of the matter is if you want to live in this century and use all the little gadgets and “stay on the grid” then there has to be some compromise. Be mindful of where you enter your data, Research on new technologies and see if you want to be a part of it.