IBM's Privacy Chief Discusses Key ConcernsBy Samuel Greengard | Posted 2012-11-08 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
It's critical to establish specific principles and processes relating to privacy and security. You can't anticipate every issue, but you can build a framework.
By Samuel Greengard
In recent years, privacy has emerged as a core issue for organizations across all industries and government agencies. Baseline recently spent time with IBM's new chief privacy officer, Christina Peters, and asked her for her thoughts on a number of key issues.
Baseline: How important is privacy and how does it fit into the enterprise?
Peters: Privacy should be a major concern for organizations around the world. We live and work in a globally integrated business environment, and privacy is increasingly relevant and top of mind. Privacy issues engage us not only as businesspeople, but also as citizens, parents and in other roles in life.
Baseline: What are the biggest challenges related to privacy issues?
Peters: It's important to recognize that employees and the public view privacy as an issue that must be addressed. In addition, there are clear business and legal risks associated with not protecting private data adequately. A huge challenge is the disruptive nature of today's technology and how rapidly change is taking place. It's critical to establish specific principles and processes relating to privacy and security. You can't anticipate every issue and consequence, but you can build a strong framework.
Baseline: What is your approach to privacy?
Peters: The starting point for any privacy initiative is transparency. We use a global privacy assessment that involves software and processes in order to standardize the way we collect, store and use data. The goal is to take a proactive approach and push consistency through the enterprise.
Baseline: What role does security play in the privacy arena?
Peters: Privacy cannot exist without security. Whether information exists on paper, on a server or in the cloud, there are always vulnerabilities. The answer is partly technology—it's important to have the right tools in place—but it's also necessary to engage in an ongoing dialog with employees and educate them about dangers, vulnerabilities and ways to mitigate risk. Many breaches and problems occur because of the human factor. In the end, it takes a multilayered approach to manage privacy effectively.
Baseline: How much training do your employees receive?
Peters: Training is role-based and varies, but everybody undergoes some foundational training every year. The primary focus is on identifying the dangers, how and why they occur, where to find them, and the importance of being alert and reporting a potential problem promptly. For those who require it, there is additional training.
Baseline: What are your recommendations?
Peters: You don't have to have someone with the title of chief privacy officer to deal effectively with these issues, but it's important to have someone—or some people—who keeps an eye on privacy issues. They need to be asking key questions: Do I have more than one layer of security and is this appropriate? How am I using private information and what links exist to this information? Are the policies and tools in place going to help me create or maintain a relationship of trust with individuals?