My Neighbor and Your Enterprise Data Privacy: They're Not as Unrelated as You Think


If you give your house key to your neighbor, he has the opportunity to snoop around through your vinyl album collection. That has lessons for enterprise security (with fewer copies of David Bowie to worry about).

Whenever I read an article about data privacy, especially when it comes to breaches, I think of my neighbor. I give my neighbor the key to my house in case of emergency, such as a plumbing problem when I’m on vacation. An odd thought goes through my head sometimes: My neighbor has teenage kids; what if they decide to raid my classic ’80s vinyl collection when I’m not home? Maybe that makes me a bit paranoid (not to mention overstating the long-term appeal of Oingo Boingo and Siouxsie and the Banshees), but it highlights the difference between security and privacy, two terms that are often meshed together and confused.

The security piece is the lock on my door that needs a key. Because I handed a copy of that key to my neighbor, I’ve given him authorized access to my home. That creates an ethical contract between us: He won’t rummage through my stuff without me knowing. That’s the privacy bit (he is a trusted party), when someone is given authorized access.

Let’s say the police come to my home when I’m not there. Upon showing my neighbor a warrant, they’re provided access to my house. I might not like it, but that’s legally authorized access — though from a privacy perspective it’s questionable. Why the access? What for? How are the police using what they find? Do I have any unreturned library books? What if the individuals who show up are not really the police but people pretending to be so?

And so we enter the muddy waters of data privacy, because this process (and its moral issues) is as true for your personal data as it is for your enterprise data, or for the data of your customers whom you are trusted to protect.

Of course, when it comes to data, the locks are much different, the controls are different, and (hopefully) we make written contractual agreements with vendors and employees to ensure those controls are enforced. And, if you’re fortunate, your neighbor who might also have your key (think encryption key and your service provider) will at least tell you the police rummaged through your house even if he can’t tell you what exactly for, as in Dropbox’s transparency report.

But these “obvious” business processes around how your employees must handle Personally Identifiable Information (PII) or Protected Health Information (PHI) often get neglected. Or we forget about them, in the stack of all the other things to sign and agree with (like we tend to glaze over all that mortgage paperwork we spend hours signing but have no clue what any of it actually means). Throw in the sometimes ambiguous global data privacy acts enacted by countries around the world (see Data Protection Laws of the World) and the fun really begins for your IT department.

I don’t need to look hard to find examples of the dangers of procrastinating on data privacy policies and implementing them. The Federal Communications Commission fined AT&T $25 million, just this month, for failing to protect customers’ personal information from misuse, including Social Security numbers, from their own internal teams. As an AT&T customer, I cringed, and of course I thought about my vinyl collection.

I’m not the only one to cringe about the challenges of data privacy. A recent study conducted by Dimensional Research, at the behest of Druva, discovered that 93 percent of respondents are challenged by data privacy. One big concern is that, for 82 percent of respondents, their employees don’t always follow the company’s existing data privacy policies (citing sales and marketing as the most egregious violators). Not that the employees necessarily know what to do; a large subset of those employees have “insufficient” knowledge to know what’s required to protect sensitive privacy-protected data. (The survey was conducted in March 2015 with 214 IT and business professionals directly associated with enterprise security and privacy.)

This data also aligns well with a recent posting by 451 Group, which discovered that data privacy tops the IT priority list of security challenges.

I’m sure we in the computer industry will address data privacy challenges, just as we’ve gotten better (mostly) at IT security. We’ll keep creating better locks; that’s a given. But we also need to become more consciously aware, innovative, and diligent in building and implementing technologies for protecting data privacy, as locks are just deterrents, not the complete solution. In the meantime, maybe I should move my vinyl collection into the cloud...

About the Author: Dave Packer is Senior Director of Product Marketing at Druva.

Edited by Dominick Sorrentino
