Privacy and Policy in 2010

KCarroll's picture

Policymakers & regulators around the globe are refocusing their attention on privacy in 2010, prompting renewed interest in the intersection of privacy & security.

To help its members understand the implications of potential new privacy regulation, the Security Industry Association (SIA) recently hosted its first ever webinar on privacy and security.

As a presenter, along with Sam Docknevich from Siemens Security Solutions, I provided an overview of privacy activities at the state, national and international levels. Mr. Docknevich demonstrated Siemens practical approach to privacy when implementing security solutions for its customers.

On the policy front, regulators are revisiting privacy laws and regulations that have been on the books going back to the 1970s. New and emerging technology applications, such as smart grids, cloud computing and social networking, are driving the reviews worldwide.

International privacy standards put forth by the Organization for Economic Cooperation and Development represent international consensus on general guidance concerning the collection and management of personal information. However, the rapid pace of technological change has led some policymakers to consider existing privacy frameworks inadequate.

In Europe, where privacy is a fundamental right, the European Commission is reviewing its data protection laws which were established in 1996. The Commission also appointed its first EU Commissioner for Justice, Fundamental Rights and Citizenship.

And in mid-2009, the EU released recommendations for implementing RFID systems in a privacy-protective manner after holding public consultations for two years. The recommendations could potentially be codified into law after three years if there is no demonstrable effort on industry’s part to adopt them.

The Vice President of the EU recently said that she has “strong concerns about the threat of wider use of RFID to privacy.” She went on to say that businesses must use their power of innovation to protect privacy from the very beginning of the product development cycle.

In the United States, the Federal Trade Commission (FTC) is hosting a series of public roundtables devoted to technology and consumer privacy. The first workshop was held in December and the final workshop takes place on March 17. The goal of the workshops is to determine how best to protect consumer privacy while supporting technological innovation and beneficial uses of technology.

As the FTC focuses on privacy and technology, a reauthorization bill before Congress would give it more rulemaking authority that could potentially lead to regulations to protect consumer privacy. Traditionally though, the FTC has operated on the principle that consumer choice should govern the market barring significant harms to consumer privacy.

Industry can take steps to protect privacy by following best practices, implementing voluntary standards, and undertaking pre-emptive risk mitigation strategies. Addressing privacy through innovation in design, manufacture and implementation will demonstrate to policymakers that new privacy regulations are unnecessary.