When do you hire your Chief Privacy Officer?

“Chief Privacy Officer” or “Data Protection Officer” is the name of a new job that looks set to become mandatory for businesses that are either located in the European Union or do business with the EU. But only if a certain law is approved in October this year.

Source: Networkworld.com

The new law would apply to all companies operating in the European Union, no matter where they are based, and authorities would have the power to impose multimillion-dollar fines on any company that misuses Europeans’ data: either 100 million or 5% of the company’s worldwide income, whichever is higher. This is a lot of money…

If passed and implemented as expected, there would be uniform data-privacy regulation across the EU countries, with a probable time frame of 2016 to take effect in full.

Apparently, there is a clause in the law stipulating that a company must obey it if it processes the data of at least 5000 individuals. This number might change…

But, leaving the law aside, what does privacy mean?

According to Wikipedia:

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Internet privacy is a subset of computer privacy.

Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor’s behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.

Hmmmm… We can imagine a lot of combinations that can lead to identifying a person. Such data can be called Personally Identifiable Information.

I am thinking of what a forensic analysis of an ISP’s logs would yield:

– IP address and time, which are always available

– URLs visited, including parameters

And from here there is no limit to what can be collected by websites, products and devices.
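The three fields listed above (time, IP address, URL with parameters) are exactly the ones that turn a log into personal data. The following is an added example, not code from the original post, showing one data-minimisation pass a log custodian could run before retention: the timestamp is coarsened to the hour, the IP address is replaced by a keyed hash (pseudonymised, so sessions remain correlatable but the address is not recoverable without the key), and the query string is dropped from the URL. The log format, the sample lines and the `PSEUDONYM_KEY` value are all constructed for this illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime
from urllib.parse import urlsplit, urlunsplit

# Constructed sample lines in a made-up "timestamp ip url" format; not real ISP data.
SAMPLE_LOG = """2014-03-12T14:23:51Z 203.0.113.45 https://shop.example/search?q=diabetes+insulin&user=alice
2014-03-12T14:24:07Z 198.51.100.7 http://news.example/article/123?utm_source=mail
2014-03-12T15:01:13Z 203.0.113.45 https://bank.example/login?account=12345678
"""

# Hypothetical secret for pseudonymising addresses. It must be stored apart from
# the logs and rotated; whoever holds it can re-link hashes to addresses.
PSEUDONYM_KEY = b"rotate-me-every-month"

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<url>\S+)$")


def coarsen_timestamp(ts):
    """Keep only the hour: '2014-03-12T14:23:51Z' -> '2014-03-12T14:00Z'."""
    parsed = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(minute=0, second=0).strftime("%Y-%m-%dT%H:%MZ")


def pseudonymise_ip(ip, key=PSEUDONYM_KEY):
    """Replace the address with a truncated keyed hash (HMAC-SHA256).
    Equal addresses map to equal tokens, so activity can still be grouped,
    but the token cannot be reversed to the address without the key."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def strip_query(url):
    """Drop the query string and fragment, keeping scheme, host and path."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def minimise_line(line):
    """Apply all three reductions to one log line; reject lines that do not parse."""
    match = LOG_RE.match(line.strip())
    if match is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    return " ".join(
        (
            coarsen_timestamp(match["ts"]),
            pseudonymise_ip(match["ip"]),
            strip_query(match["url"]),
        )
    )


def minimise_log(text):
    """Return the minimised lines for a whole log text, skipping blank lines."""
    return [minimise_line(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for out in minimise_log(SAMPLE_LOG):
        print(out)
```

Two caveats worth keeping in mind: a keyed hash is pseudonymisation, not anonymisation, since the key holder can still re-identify the address; and dropping the whole query string is a blunt tool that also removes parameters an operator may legitimately need, so in practice an allow-list of harmless parameters is usually kept instead.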

I remember this comparison done by AV Comparatives about the data collected by AV products.

Data is needed… most of the time.

But, there has to be something that defines the rules of the game.

I hope that this new EU law will set the limits and that the CPOs/DPOs will ensure they are respected.


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000 and worked from 2003 to 2014 for Avira as Product Manager for its well-known products used by over 100 million users worldwide. Today he is an independent IT security consultant focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.
