5 Key Points on Privacy to Ponder

01/23/2013 by: The SunView Team

By guest blogger Russ Miller, CTO of SunView Software

It is not news that users of technology are increasingly tightly integrated, in intimate ways, with their computing devices, especially due to the portability of smartphones. For example, a large percentage of young people sleep with their devices. As a result, more and more of our private data is captured and then scattered about the cloud, potentially exposed as big data, waiting to be mined in ways undreamed of by the owner of the data.

Due to these scattered pools of sensitive big data, the likelihood of leaks or spills increases and so does, potentially, the impact of each breach. As a result of the greater frequency and impact, the spotlight now quickly focuses on any company that exposes customer data, often with considerable harm to the company's brand name and bottom line. Not only are the companies that leak data being punished by the press and consumers, but government is increasingly getting involved. The FTC is busy pursuing privacy infractions, most recently slapping Google with a $22.5 M fine. Beyond the FTC, state governments, the US Congress, and the EU are increasingly focusing on privacy issues. For example, California recently provided guidelines for mobile app security.

Privacy is the toughest issue of the information age and there are no easy answers. For those working in IT who are responsible for protecting that data, what is to be done to protect customers' data and the company's reputation?

Here are a few points to consider:

1) Privacy, like security, needs to be built in; it can't be bolted on later. Privacy by Design is a high-level framework providing guidance on building in privacy and protecting it throughout the lifecycle of information. One key aspect of Privacy by Design is the idea of leaving the control over personal data in the hands of the individual or group it belongs to. Also, there are many new techniques being developed to permit systems to process data without exposing it any more than necessary; these techniques leave the control in the hands of the information owner.

2) A privacy policy is great, but most users won't read it. To avoid surprises for users, educate them about how their private data will be used in the context of the application. Give clues in the app to let them know how widely they are sharing; especially the first time they use features that share information, warn them as they do it.

3) Everyone understands their privacy policy should be prominently accessible in their application and website, but even more important is prominently providing a means for customers or employees to report cases where that policy is not being followed. Ideally, your IT department's Service Management tracking tool would have an explicit incident type and workflow for handling privacy issues. When processing these reported issues, be open to concerns based not just on your privacy policy but, more importantly, on the sense of privacy of the individual reporting the issue.

4) Make sure employees are educated on privacy risks that can occur throughout the lifecycle of the information collected. As privacy engineer Jason Cronk, CIPP, pointed out in a recent episode of the Architectural Concepts podcast, it is not enough to have a privacy specialist on staff; anyone who touches a system handling sensitive data anywhere needs to be educated about the importance of protecting data privacy and the relevant techniques for protecting it. Front line developers, architects, and engineers need to be aware of the available tools and techniques to properly integrate them into your information systems.

5) Privacy is becoming as much a specialty as is security or database design. For example, many more companies now have Chief Privacy Officers and recently the job title of "privacy engineer" has become more common in job postings (see this ad at Google).

Note that Carnegie Mellon will now start offering a Master in Privacy Engineering in the 2013-2014 school year. Of course, not every company can afford a Chief Privacy Officer or even a dedicated privacy engineer, but as privacy becomes a bigger risk, even mid-sized companies will need staff that specialize in this area.

In conclusion, the need to protect privacy will only become a bigger issue as we further integrate ourselves with technology. It is through constant vigilance and by educating ourselves on practices like those mentioned above that we can protect our customers' data and our own.

Flickr Image by Sean MacEntee
