When do you hire your Chief Privacy Officer?

“Chief Privacy Officer” or “Data Protection Officer” is the name of a new job that may become mandatory for businesses that are either located in the European Union or doing business with the EU. But only if a certain law is approved in October this year.

Source: Networkworld.com

The new law would apply to all companies operating in the European Union, no matter where they are based, and authorities would have the power to impose multimillion-dollar fines on any company that misuses Europeans’ data: either 100 million or 5% of the company’s worldwide annual turnover, whichever is higher. This is a lot of money…

If passed and implemented as expected, there would be a single, uniform data-privacy regulation across all EU member states, probably taking full effect around 2016.

Apparently, the draft contains a clause under which the obligation applies to any company that processes the data of at least 5000 individuals. This threshold might still change…


But, leaving the law aside, what does privacy mean?

According to Wikipedia:

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Internet privacy is a subset of computer privacy.

Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor’s behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.


Hmmmm… We can imagine many combinations of attributes that, taken together, identify a person. Each such combination counts as personally identifiable information, even when no single attribute does.

I am thinking of what a forensic analysis of the logs of an ISP would give:

– the client IP address and the timestamp, which are always available

– the URLs visited, including query parameters (which frequently carry e-mail addresses, names, account identifiers or postal codes in clear text)

And from there, there is no limit to what can be collected by websites, products and devices.
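To make the point concrete, here is an added example (not from the original post) that parses a few constructed ISP/proxy log lines in a CLF-like format, which is an assumption about the log layout, and builds a per-IP profile of the direct and quasi-identifiers leaked through URL query parameters. The parameter names treated as identifying are a hypothetical list, not a standard.

```python
"""Added illustration: how much identity leaks from a handful of ISP log lines."""
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (assumed CLF-like layout: client IP, timestamp, request line).
# Addresses are from the RFC 5737 documentation ranges; people and hosts are fictional.
SAMPLE_LOG = """\
203.0.113.7 [12/Mar/2014:08:15:02 +0100] "GET http://shop.example/checkout?email=alice%40example.org&zip=80331 HTTP/1.1"
203.0.113.7 [12/Mar/2014:08:16:40 +0100] "GET http://news.example/article/42 HTTP/1.1"
198.51.100.23 [12/Mar/2014:09:01:11 +0100] "GET http://forms.example/apply?name=Bob+Smith&dob=1980-05-04&phone=%2B49301234567 HTTP/1.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+"$'
)

# Hypothetical list of parameter names that commonly carry direct identifiers
# (email, phone) or quasi-identifiers (date of birth, postal code) in clear text.
PII_KEYS = {"email", "name", "phone", "dob", "zip", "address", "user", "userid", "ssn"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


def parse_line(line):
    """Split one log line into ip, time, host, path and decoded query parameters.
    Returns None for lines that do not match the assumed layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(m.group("url"))
    # parse_qsl percent-decodes values, so alice%40example.org becomes alice@example.org
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    return {"ip": m.group("ip"), "time": ts, "host": url.hostname,
            "path": url.path, "params": params}


def find_pii(params):
    """Return the query parameters that look identifying, by key name or by value shape."""
    hits = {}
    for key, value in params.items():
        if key.lower() in PII_KEYS or EMAIL_RE.match(value) or PHONE_RE.match(value):
            hits[key] = value
    return hits


def analyse(log_text):
    """Group lines by client IP: activity window, hosts visited and identifiers leaked.
    Once one request ties an IP to an e-mail address, every other request from
    that IP in the same window is attributable to the same person."""
    profiles = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        p = profiles.setdefault(rec["ip"], {
            "first_seen": rec["time"], "last_seen": rec["time"],
            "hosts": set(), "identifiers": {},
        })
        p["first_seen"] = min(p["first_seen"], rec["time"])
        p["last_seen"] = max(p["last_seen"], rec["time"])
        p["hosts"].add(rec["host"])
        p["identifiers"].update(find_pii(rec["params"]))
    return profiles


if __name__ == "__main__":
    for ip, profile in analyse(SAMPLE_LOG).items():
        print(ip, sorted(profile["hosts"]), profile["identifiers"])
```

Note that the second line for 203.0.113.7 carries no parameters at all, yet it is still attributable to “alice@example.org” because the IP and the time window tie it to the checkout request; that is the combination effect the Wikipedia definition above describes.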

I remember this comparison done by AV Comparatives about the data collected by AV products.

Data is needed… most of the time.

But there has to be something that defines the rules of the game.

I hope that this new EU law will set those limits, and that the CPOs/DPOs will make sure they are respected.


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

