Tougher Privacy Laws

  • Comments posted to this topic are about the item Tougher Privacy Laws

  • The bit about tech employees having to prove they requested resources etc... when the shit hits the fan, hmmmm, I wonder how that will go.

  • I have to say, I know that the US of A is a great place. Some of your scenery is just awesome. But this whole business makes me glad I don't live there. And it's not that I have anything to hide either.

    Not that things are necessarily that much better in the UK. But at least, with GDPR, we have a piece of legislation that was created to empower the individual data subject.

    From where I sit, my impression is that the system in the USA is government of the people, by big business, for big business. Not exactly what it says in the Constitution. I don't in the least want to be unfair, and I know that big business gets stuff done, but in this case, it is not the right stuff.

    If big business was serious about privacy, there is absolutely no way that Mark Zuckerberg would have been absent from the nine-nation data privacy hearing the other day, after having been specifically invited.

    MarkD

  • SSCrazy, don't believe everything you hear about big business in America. There are criticisms of businesses large and small and that is as it should be. But businesses, at least the ones that don't work primarily on Government contracts, only remain in business by providing products or services that people want enough to voluntarily spend the money they earn. When a breach happens the effect on the value and revenue of the business is typically huge as is the effect on the executives that let it happen. Go review Target. Every "big business" over here and most medium and small businesses are working to comply with GDPR already. Yes, sometimes tech people don't get all the money they would like to enhance security. But many tech people want to do EVERYTHING possible no matter the cost and then bitch if they don't get everything they want. More laws are not the best solution in my opinion. Already just a little under 1/2 of the economy and therefore power is in the hands of politicians who have to be perfectly alright spending other people's money, and now future generations' money, on what they think is right. More importantly on things that keep them in power. In the meantime big companies still manage to produce some amazing things even while being castigated by politicians whose purpose is to drum up more support for more laws to get more power. It is absolutely not "government of the people, by big business, for big business." Regardless of what you hear.

  • Mark Dalley - Thursday, November 29, 2018 4:15 AM

    the system in the USA is government of the people, by big business, for big business. Not exactly what it says in the Constitution. I don't in the least want to be unfair, and I know that big business gets stuff done, but in this case, it is not the right stuff.

    I hear this complaint a lot. Half of the workers in the US work for big business, including me. So the way you frame your statement doesn't exactly capture reality.

  • Steve, I have always liked your editorials, but I think you hit this one out of the ballpark. I agree with every point you made.

    The amount of resources you expend on security should be based on the value of the data. This is a business decision, not one that you can specify in legislation. The business concept is due diligence. All entities should exercise due diligence in protecting their data and systems. If they do not, they should be hammered into the ground. My preference is for this punishment to be provided by clients and shareholders. Any government regulation in this area should go toward strengthening the punishment for failure of diligence. Legislation that specifies the bits and bytes of security is the wrong way to go.

  • The key question surrounding privacy laws is: "who owns the data?". This is an important distinction to make.

    As I understand it, in the US the *collector* of the data owns the data. Whereas in the EU, for example, the person who is the subject of the data owns it. This is big business too - why do you think Gmail is free and constantly available with as much storage as you want? Entire industries make their money with the procurement, analysis, distribution, and usage of personal data about people. Not judging - just saying it is how things currently are. 

    There is no silver bullet here. I would love to have more control over my data along with increasing privacy for everyone. I think the "let's throw the execs in jail" feels good to say but would not happen and IMO should not happen. We place enough people in prison already. Instead I think the liability landscape should be changed. Ex. when there are major breaches the company usually does not even know until the news reports it. They always claim "they were caught with their pants down" and surprised by super-powerful nation state hackers. That's not the case nor does it accurately depict the threat landscape.

    I am excited to learn how GDPR ultimately turns out. I like Ron Wyden because he is one of the few in Congress that advocates for privacy.

  • So, it's one thing to talk about data privacy in terms of how it impacts the lives of regular folks in "flyover country". Ask any politician and they'll acknowledge it's an important issue, even if they then do nothing about it. But consider this: how hard would it be for someone, just one lone hacker, to get their hands on the personal phone records and internet search data for prominent members of Congress? Perhaps the hacker isn't in it for financial gain at all and their goal is even more diabolical: leaking that VIP data on the web in the weeks leading up to an election or a vote on a key piece of data privacy legislation. That's pretty scary, right? I don't think our political representatives understand the full scope of how important data privacy is.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • SSCrazy, well said. I think your point about Gmail is especially good. Have you ever read Google's terms and conditions? At least here in the US if you put something on Google Drive even they have the right to redistribute, publish, create derivative works, perform it, and a host of other rights that essentially give them every right of an author without actually saying you turn over the copyright. But...we don't have to use Google. Gmail is free and uses all the data any way they want and tell you they do, if you don't like it then you can get Office 365 which is much more restrictive in how they can use your data. Perhaps not as restrictive as some people might like but I don't see anyone coming out with an email system that charges enough so that the operators would not need to use the private data. At least if they are out there I haven't heard of them and apparently they can't get enough to advertise well and if they did would enough people use them?
    You can have privacy, it just means things are a lot less convenient.  So what I think the real desire is many people want the privacy AND get all the free stuff.  
    Question, do you think HIPAA has really given us control of our health care data or just made it more difficult and costly to get it where it needs to go? Actually that's probably a continuum not an either or.  I think it's made it much more costly and inconvenient for very little actual privacy.

  • Eric M Russell - Thursday, November 29, 2018 7:45 AM

    So, it's one thing to talk about data privacy in terms of how it impacts the lives of regular folks in "flyover country". Ask any politician and they'll acknowledge it's an important issue, even if they then do nothing about it. But consider this: how hard would it be for someone, just one lone hacker, to get their hands on the personal phone records and internet search data for prominent members of Congress? Perhaps the hacker isn't in it for financial gain at all and their goal is even more diabolical: leaking that VIP data on the web in the weeks leading up to an election or a vote on a key piece of data privacy legislation. That's pretty scary, right? I don't think our political representatives understand the full scope of how important data privacy is.

    If it was really that easy it's hard to believe that there are not a very large number of people out there who would be motivated to, and actually, doing it.

  • Eric M Russell - Thursday, November 29, 2018 7:45 AM

    So, it's one thing to talk about data privacy in terms of how it impacts the lives of regular folks in "flyover country". Ask any politician and they'll acknowledge it's an important issue, even if they then do nothing about it. But consider this: how hard would it be for someone, just one lone hacker, to get their hands on the personal phone records and internet search data for prominent members of Congress? Perhaps the hacker isn't in it for financial gain at all and their goal is even more diabolical: leaking that VIP data on the web in the weeks leading up to an election or a vote on a key piece of data privacy legislation. That's pretty scary, right? I don't think our political representatives understand the full scope of how important data privacy is.

    You are right - for sure they do not grasp the implications. Have you ever seen a congressional hearing about technology? If you haven't, go to YouTube and get some popcorn ready.

    To be fair - when we talk about breaches that is primarily a security issue and not a privacy issue. The collection of the data is a privacy issue which can lead to a security breach.

  • billp 37934 - Thursday, November 29, 2018 7:53 AM

    If it was really that easy it's hard to believe that there are not a very large number of people out there who would be motivated to, and actually, doing it.

    I believe that both the means and motive are there. 

    "Cambridge Analytica executives bragged about prostitution stings, swaying elections with misinformation"
    https://www.nydailynews.com/news/world/cambridge-analytica-execs-bragged-prostitution-stings-article-1.3884242

    https://www.nytimes.com/2018/08/28/us/politics/cia-officer-house-election-super-pac.html

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • peter.row - Thursday, November 29, 2018 1:44 AM

    The bit about tech employees having to prove they requested resources etc... when the shit hits the fan, hmmmm, I wonder how that will go.

    Having documentation has helped me. Often I find manager/VP x wants something sketchy done. They haven't disclosed this with other management. Things fall apart and they want to blame the workers. Without some email, workers get fired or chastised and management escapes. With email, manager gets scolded or terminated.

  • GeorgeCopeland - Thursday, November 29, 2018 6:05 AM

    Steve, I have always liked your editorials, but I think you hit this one out of the ballpark. I agree with every point you made.

    The amount of resources you expend on security should be based on the value of the data. This is a business decision, not one that you can specify in legislation. The business concept is due diligence. All entities should exercise due diligence in protecting their data and systems. If they do not, they should be hammered into the ground. My preference is for this punishment to be provided by clients and shareholders. Any government regulation in this area should go toward strengthening the punishment for failure of diligence. Legislation that specifies the bits and bytes of security is the wrong way to go.

    Thanks. I think the GDPR is on the right track here. No bits and bytes specified, but a framework to pressure businesses to value security according to the value of their data.

  • Jeff Mlakar - Thursday, November 29, 2018 7:33 AM

    The key question surrounding privacy laws is: "who owns the data?". This is an important distinction to make.

    As I understand it, in the US the *collector* of the data owns the data. Whereas in the EU, for example, the person who is the subject of the data owns it. This is big business too - why do you think Gmail is free and constantly available with as much storage as you want? Entire industries make their money with the procurement, analysis, distribution, and usage of personal data about people. Not judging - just saying it is how things currently are. 

    There is no silver bullet here. I would love to have more control over my data along with increasing privacy for everyone. I think the "let's throw the execs in jail" feels good to say but would not happen and IMO should not happen. We place enough people in prison already. Instead I think the liability landscape should be changed. Ex. when there are major breaches the company usually does not even know until the news reports it. They always claim "they were caught with their pants down" and surprised by super-powerful nation state hackers. That's not the case nor does it accurately depict the threat landscape.

    I am excited to learn how GDPR ultimately turns out. I like Ron Wyden because he is one of the few in Congress that advocates for privacy.

    I agree that more people in jail doesn't help. However, executives ought to be accountable. Personally, a little incarceration might be good, perhaps a week in county jail, but more I'd like to invalidate compensation contracts, especially bonuses and termination parachutes, and cause some terminations. That might actually put pressure on businesspeople.
