My Neighbor and Your Enterprise Data Privacy: They're Not as Unrelated as You Think

By TechZone360 Special Guest
Dave Packer, Senior Director of Product Marketing, Druva
April 23, 2015

If you give your house key to your neighbor, he has the opportunity to snoop around through your vinyl album collection. That has lessons for enterprise security (with fewer copies of David Bowie to worry about).

Whenever I read an article about data privacy, especially when it comes to breaches, I think of my neighbor. I give my neighbor the key to my house in case of emergency, such as a plumbing problem when I’m on vacation. An odd thought goes through my head sometimes: My neighbor has teenage kids; what if they decide to raid my classic ‘80s vinyl collection when I’m not home? Maybe that makes me a bit paranoid (not to mention overstating the long-term appeal of Oingo Boingo and Siouxie and the Banshees), but it highlights the difference between security and privacy, two terms that are often meshed together and confused.  

The security piece is the lock on my door that needs a key. Because I handed a copy of that key to my neighbor, I’ve given him authorized access to my home. That creates an ethical contract between us: He won’t rummage through my stuff without me knowing.  That’s the privacy bit (he is a trusted party), when someone is given authorized access.

Let’s say the police come to my home when I’m not there. Upon showing my neighbor a warrant, they’re provided access to my house. I might not like it, but that’s legally authorized access — though from a privacy perspective it’s questionable. Why the access? What for? How are the police using what they find? Do I have any unreturned library books? What if the individuals who show up are not really the police but people pretending to be so?

And so we enter the muddy waters of data privacy—because this process (and its moral issues) is as true for your personal data as it is your enterprise data, or for the data of your customers whom you are trusted to protect.

Image via Shutterstock

Of course, when it comes to data, the locks are much different, the controls are different, and (hopefully) we make written contractual agreements with vendors and employees to ensure those controls are enforced. And, if you’re fortunate, your neighbor who might also have your key (think encryption key and your service provider) will at least tell you the police rummaged through your house even if he can’t tell you what exactly for, as in Dropbox’s transparency report.

But these “obvious” business processes around how your employees must handle Personal Identifying Information (PII) or Personal Healthcare Information (PHI) often get neglected. Or we forget about them, in the stack of all the other things to sign and agree with (like we tend to glaze over all that mortgage paperwork we spend hours signing but have no clue what any of it actually means). Throw in the sometimes ambiguous global data privacy acts enacted by countries around the world (see Data Protection Laws of the World) and the fun really begins for your IT department.

I don’t need to look hard to find examples of the dangers of procrastinating on data privacy policies and implementing them. The Federal Communications Commission fined AT&T $25 million, just this month, for failing to protect customers’ personal information from misuse, including Social Security numbers, from their own internal teams. As an AT&T customer, I cringed, and of course I thought about my vinyl collection.

I’m not the only one to cringe about the challenges of data privacy. A recent study conducted by Dimensional Research, on the behest of Druva, discovered that 93 percent of respondents are challenged by data privacy. One big concern is that, for 82 percent of respondents, their employees don’t always follow the company’s existing data privacy policies (citing sales and marketing as the most egregious violators). Not that the employees necessarily know what to do; a large subset of those employees have “insufficient” knowledge to know what’s required to protect sensitive privacy-protected data. (The survey was conducted in March 2015 with 214 IT and business professionals directly associated with enterprise security and privacy.)

This data also aligns well with a recent posting by 451 Group which discovered that data privacy tops the IT priority list of security challenges.

I’m sure we in the computer industry will address data privacy challenges, just as we’ve gotten better (mostly) at IT security. We’ll keep creating better locks, that’s a given. But we also need to become more consciously aware, innovative, and diligent in building and implementing technologies for protecting data privacy as locks are just deterrents, not the complete solution. In the meantime, maybe I should move my vinyl collection into the cloud...

About the Author: Dave Packer is Senior Director of Product Marketing, at Druva.




Edited by Dominick Sorrentino


SHARE THIS ARTICLE
Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More