Privacy Across the Pond, Part 2

Privacy Across the Pond, Part 2

From consumerization to IoT devices to a tax on chardonnay — CTO and Head of Strategy, Andrzej Kawalec and GM and Global Vice President of Digital Identity and Data Management, Julie Talbot-Hubbard break down all things privacy, data and identity in Part 2 of Privacy Across the Pond.


Listen to our podcast for the full interview between Andrzej and Julie.


Question 1: Is the value being delivered by a connected world greater than individuals’ data privacy?

Julie: Something I've seen in the last two, three, five years is the amount of data being tracked on an individual exponentially growing. The consumer is really seeing the benefit of giving their data, whether it be on additional discounts or from a healthcare perspective. I’ve seen adults put these dongles on their car to really start monitoring their children's driving patterns – but more from a safety perspective.


With all this increasing consumerization, I would say just digital in general, do you think the value being delivered by a connected world is greater than individuals' data privacy? I’m interested to hear more about what you're seeing over across the Atlantic.


Andrzej: Thank you, Julie. I think it's so fascinating. For organizations, you only create value when data meets a user or an employee. When an employee can access and use that data, that's when you create the value. Like you say, in a consumer context, if my insurance company is monitoring my driving habits. Based on the fact that I am one of the world's most careful drivers. I drive everywhere several miles an hour under the speed limit. I never break the rules. If, based on that, I get a lower premium and I'm rewarded, that's great.


If by the fact that I go running every day, I never, ever go to the pub or do anything I shouldn't do, I get tailored medical advice, so my insurance premiums go down. I think that there is real value being created by those customized tailored services. I think there is less value being created when that data is used for the organization to deliver more targeted advertising, for example, to drive a better profit.


My fear is actually that huge value can be created for an individual by sharing their personal information, their buying habits, their behaviors. I think the danger is that even more value is created for the enterprises that use and exploit that data. That, increasingly, it will become almost impossible to opt-out. You may be penalized and charged a much higher rate because the whole industry is now based on knowing exactly what each of their consumers are doing.


That for me, that's the real fear. There is huge value being delivered in that connected world. I think it comes at the expense of privacy to some extent. I think it would be very hard to arrest that growing avalanche of data collection and data use and data refinement.


Question 2: How are companies simplifying and securing their customers’ and employees’ digital experiences?

Julie: Your phone is tracking your location and tracking everything else. As the number of devices increase, so are each individual's identities and passwords. I'm interested in what you are seeing across the pond on how companies are working to simplify and secure the digital experience for both their customers and employees. How companies are tackling that?


Andrzej: There is a really dawning realization that employees are a strategic asset for an organization. Enabling and protecting those employees to do their absolute best for their organization is a critical, strategic process. The next step in that [process] is how do we use an employee and their identity to allow them to access the services they need and locations they need to work from wherever they are.


I'm sensing a huge change in how users, employees and identities are viewed within enterprises. I think this isn't just about managing identities, but it's about an identity and data management framework and using those things as strategic assets. Alongside that, you can see the same thing wherever you go. If you work within large global organizations, you can literally go to any office, on any day, any city in the world, and you can access what you need to access. You can work online or offline. You can print. You can get into the buildings. The convergence of all the physical and digital services around an individual to free them up to do that is really starting to take shape and take form.


What I am not sure is keeping up to pace with that, actually goes back to the old method of logging on, accessing and authenticating yourself. More often than not, we are still using a username and a character string – a password that somebody has to remember. In certain circumstances, we are using multifactor authentication. We are starting to see that extend out to the use of some limited biometric, on smartphones for example. I think the biggest area that needs to evolve is that frictionless access and authentication. No longer just at the entry and exit of the process but as you are accessing different systems, different applications, different data sources, collaborating with different people. What I don't think we are keeping up with is how people are working and collaborating and the use of the omni-factor, omnipresent authentication, access control around the person's identity, and the roles they take.


Question 3: How are organizations going to meet growing privacy laws?

Julie: Do you foresee nations, countries coming together, or even on the U.S. side? If we could just get one global privacy standard regulation law, I think that would be beneficial. But what do you foresee in terms of a privacy law perspective? Do you foresee us coming into one global standard? Or how do you see organizations meeting these different laws and regulations?


Andrzej: It's the big question. I think what is likely to happen is that we will develop a low-level and core set of privacy or digital human rights, much like the Geneva Convention or the world trade laws that govern between countries and trading blocs.


The European Union is not going to turn around and face the opposite direction and start to open up and liberalize data collection and privacy. It's going to continue to think about the rights of the individual and consumer first. In the same way that it is doing around copyright laws in IP on Internet-facing services. I would suspect that North America and the U.S. is going to continue to be much more liberal about its approach and place an emphasis on fairness and modernization of services and individual choice and rights. I am not quite sure which way India is going to go. At the moment, they seem to be taking quite a middle-of-the-road approach. Certainly, I think we can all recognize and understand the route that China is taking.


I do not believe that we are going to see standardization around privacy and digital rights. I don't think we are going to see these massively powerful large groups, trading blocs, align even at a very core fundamental level. Over and above what is needed to work together, I think we will see a huge mapping exercise, some critical elements that people will standardize on. But we’ll continue to see divergence in the basic regulations and legal frameworks. It's a fairly bold statement, but I can't see how it will develop any differently.


Julie Talbot-Hubbard
Global Vice President and General Manager of Digital Identity and Data Services
Julie is an experienced cybersecurity practitioner, technology executive and former Chief Information Security Officer (CISO). At Optiv, she is responsible for delivering solutions that balance risk, business realities and operational impacts for Identity and Data Management. Prior to Optiv, Julie held executive positions at global finance, education, health care and technology companies. She was nominated for and attended the FBI Executive CISO Academy and is a board member at the Identity Defined Security Alliance.
Andrzej Kawalec
CTO and Head of Strategy, EMEA
Andrzej brings experience from some of the world’s largest companies. Most recently, as chief technology officer and head of strategy and innovation at Vodafone, he led the company’s enterprise vision of cybersecurity preparedness for more than 462 million users. He previously served as CTO and director of security research at Hewlett Packard.