Data Privacy Day (DPD), an international effort centered on respecting privacy and safeguarding data, was celebrated on January 28 in commemoration of the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Across the country and around the globe, people celebrated DPD with events aimed at raising consumer and corporate awareness about data privacy issues, including the Internet of Things (IoT), data breach security, and sophisticated data analytics practices. CyberTECH, one of the nation’s leading cybersecurity and IoT-based ecosystem networks, hosted a day-long seminar in San Diego on the impact IoT exerts on individual and corporate privacy.
Co-sponsors of the event included Securing Our eCity, a recognized cybersecurity awareness and education foundation; Identity Theft Resource Center, a nationally recognized identity-theft awareness organization; and the Ponemon Institute, the nation’s most distinguished privacy think tank research institution. The invitation-only event took a think tank approach to possible solutions and featured some of the top names in the security industry from around the country, including Larry Ponemon, founder of the Ponemon Institute; Ryan Gillis, director of legislative affairs and cybersecurity policy of the National Security Council Staff at The White House; Mike Coomes, Director of DoD International Cybersecurity & Internet Governance; Darin Anderson, founder and chairman of CyberTECH; Peter Evans, VP of the Center for Global Enterprise; and several other industry experts and practitioners.
“We are at a critical juncture where the concerns around the Internet of Things can be addressed before the tidal wave of products built around it are actually brought to market,” Andersen said. “Issues of security and privacy need immediate attention if consumers, government, schools, and corporations are going to get ahead of these problems and assure themselves protection.”
During the morning roundtable discussion, Pell Center Fellow Francesca Spidalieri discussed the role that education and training programs should play in raising awareness on data security, and also the need to encourage businesses to be more transparent about the way they collect, use, and share their customers’ personal information. “We cannot expect new technology tools and software alone to protect our data online,” Spidalieri said. “We need to better educate users and consumers about the steps they should take to better protect their personal information online. At the same time, we need to urge industry to engineer better and more secure products. New technical, legal, and policy approaches are needed to confront the flow of poisoned products that are being introduced in the marketplace, and fix them prior to the IoT wave of vulnerabilities and poisoning that we will be facing in the next 3-5 years.”
The afternoon scenario-based group exercise, led by Dr. Ponemon, aimed at generating intriguing and potentially actionable ideas. Participants were divided in subgroups, each with the responsibility for a specific role such as government, consumer, manufacturer, or supply chain. The groups were presented with an IoT-related scenario and specific discussion questions to actively explore, share ideas, and develop actionable solutions from their respective roles in the exercise. The findings of the exercise will be made public through videos and white papers, co-authored by Dr. Ponemon and Ms. Spidalieri.
The keynote speeches and panel discussions that followed focused on various other aspects of data security, privacy, and trust in IoT platforms. Mark Weatherford, principal at the Chertoff Group, warned the audience that “in the next decade, we will become completely dependent on the Internet. Someday soon we may ask why things aren’t connected to the Internet rather than why they are connected.” Participants agreed that privacy controls ought to be embedded in all IT products and services, and that data privacy cannot exist without good security first.
While the Federal Trade Commission recently unveiled its report on IoT, concluding that it is still too early for legislators to craft data privacy and security protection laws specific to Internet-connected devices and products, the hope is that efforts like Data Privacy Day can increase consumers awareness about privacy issues and highlight why it’s important for companies and organizations to be responsible data stewards.