E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: SearchSecurity

Posted on August 15, 2011

Changes in technology and legislation are exposing weaknesses in the way organisations manage sensitive personal data, and as a result, many of them are now carrying out urgent reviews of their privacy policies.

According to research group Gartner, 50% of all enterprises will revise their corporate privacy policy requirements before the end of 2012 in order to reflect changes in business practices, such as the use of cloud computing and location-based services available on smartphones. Gartner's forecast is based on interviews with its clients. Carsten Casper, privacy research director for Stamford, Conn.-based Gartner, said changes to laws on privacy and mandatory breach disclosure are also forcing companies in the UK and around the globe to review their security policies.

"We are seeing new privacy laws around the world in places like South Africa, Mexico and Asia-Pacific," Casper said. "There is general pressure on organisations to look at the existing approaches to privacy, not just in the UK, Germany and the rest of Europe, but also the rest of the world."

He said it used to be enough for companies to tell customers their information was protected, but now the general public is much more aware of data breaches and the importance of privacy, and in turn require greater reassurance and information about how their data is managed.

"Companies need to explain how they deal with these challenges, about who they are engaging with, and their approach to social media and mobile devices," Casper said. He also said, in the wake of so many recent data breaches and losses, especially in the UK, companies must emphasise the importance of regaining consumer trust, being clear about the information organisations collect and how they handle it.

He added that corporate privacy policies alone are not the answer. Companies must be clear about who is responsible for data privacy, and senior management needs to understand why privacy is important and communicate that to their staff.

"The policy," Casper said, "needs to be more than just a piece of paper."

Gartner identified five key issues of concern for privacy officers over the next two years:

Data breaches: They are easy to control if organisations compartmentalise personal information, restrict access, encrypt data going across public networks, encrypt data on portable devices, and encrypt data in storage, in order to protect it from rogue administrators or hackers. It says companies should consider data loss prevention (DLP) tools, tokenisation, data masking and privacy management tools.

Location-based services: Some organisations collect vast amounts of location information, often without a clear plan of what to do with it, thus violating a fundamental privacy principle, namely to collect information only for the purpose for it is needed.

Cloud computing: The problem is privacy laws apply to one country, while the public cloud straddles national boundaries. Privacy officers should insist on knowing where data will be kept. Gartner said privacy laws have some flexibility, that guidance is evolving slowly and, in many cases, there are legally acceptable solutions. It said organisations should focus on the location of the legal entity of the provider, rather than on the physical locations of its operation centres.

Assessing the value of privacy: Organisations will struggle to find a balance between "not enough" and "too much" protection, and striking this balance needs to be an ongoing process. Gartner suggests corporate privacy officers should set up a process to identify stakeholders for personal information, gather requirements from them, and use it to influence the design of the business process and applications.

Interpreting the law: Since laws usually lags behind technological developments, organisation need to interpret generic privacy legislation for a whole raft of emerging technologies, such as smart meters, facial recognition on smartphones linking to photo databases, vehicle and device locators, presence detection and body scanners.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.