Emerging international data privacy challenges
According to a new survey from the Cloud Security Alliance, there is strong and growing interest in harmonizing privacy laws towards a universal set of principles.
“Data privacy considerations are often overlooked in the development phase of cloud, IoT and Big Data solutions, and instead are viewed through a maze of complicated regulations and guidance,” said Jim Reavis, CEO of the CSA. “These findings highlight the very significant opportunity for global co-operation between CISOs and InfoSec professionals, privacy leaders, developers and architects, to build privacy principles into new and emerging solutions.”
In conducting the survey, forty of the most influential cloud security leaders worldwide were asked for insights on existing international data protection standards and demands, and to provide information about their regions’ laws and practices surrounding personal information.
The survey was designed to test the existence of universal data privacy and data protection concepts and the extent to which these can be drivers for global co-operative efforts around Cloud, IoT and Big Data. The report was structured in four parts, and the findings were highly indicative of a positive role that privacy and data protection principles can play in the development of Cloud, IoT and Big Data solutions.
Historically, data privacy experts and the Information Security industry at large have focused on the deviations between different regions rather than on the similarities, even though the similarities could encourage more effective collaboration. By discovering areas of alignment and deviation with regard to global data protection laws and practices, organizations can drive innovation within the context of new technologies.
The survey was structured in four parts, with key findings as follows:
Data residency and sovereignty
Many organizations struggle with issues around data residency and sovereignty. However, there was a common theme of respondents identifying “personal data” and Personally Identifiable Information (PII) as the data that is required to remain resident in most countries.
Responses indicated a universal interpretation of the concept of lawful interception, with responses such as: “The right to access data through country-specific laws if the need arises, i.e. data needs to be made available for a cybercrime investigation.”
Seventy-three percent of respondents indicated that there should be a call for a global consumer bill of rights and furthermore saw the United Nations as fostering that. This is very significant given the harmonization taking place in Europe, with a single EU Data Privacy Directive for 28 member states, as well as with the renewed calls for a U.S. Consumer Bill of Privacy Rights in the United States, and cross-border privacy arrangements in Australia and Asia.
Finally, the survey explored whether the OECD privacy principles, which have been very influential in the development of many data privacy regulations, also facilitate popular trends in Cloud, IoT and Big Data initiatives or instead create room for tension.