Privacy is now a cornerstone of corporate governance," says Toby Stevens, director of Enterprise Privacy Group and keynote speaker at the ITWeb Security Summit 2007, to be held at Vodaworld from 22 to 25 May.
Stevens says privacy must be treated as a critical part of an organisation's corporate governance infrastructure, and assigned the same priority and penalties as any other aspect of that infrastructure.
"If privacy isn't mentioned in the annual corporate governance report, then something has gone wrong," says Stevens.
The problem with privacy, is that unlike security, this makes it extremely difficult to mandate standards for the handling of personal information, since we all require different levels of control, he says. He adds that data protection laws provide frameworks to ensure that organisations go through due process in the handling of personal information, but they don't specify standards for how to actually do it.
For example, he says that even within Europe, where nation states are all subject to the same European Data Protection Directive, the local interpretations of that Directive can differ greatly. This can make compliance across multiple countries a very tricky affair.
Balancing information security and privacy
"In the corporate sphere, the key to the balance between security and privacy rests on the principle of data minimisation," Stevens says.
Many organisations hold more data than is strictly required to fulfil customer needs, he says.
"More enlightened companies are now purging their data silos of unnecessary data, recognising that it can be as much of a liability as an asset."
Stevens believes that SA's new privacy bill should be a boon for business, because it will allow companies to transfer data around the world with much greater ease.
ITWeb Security Summit 2007
Taking place from 22 - 25 May 2007 at Vodaworld, ITWeb's Second Annual Security Summit will bring together almost 30 international and local IT and security professionals, practitioners, industry experts and analysts. They will share their experiences, acquire knowledge and gain an understanding of the key tools, techniques and strategies needed to safeguard their organisations' most valuable asset - information. International security guru and author, Bruce Schneier, and creator of the Pretty Good Privacy (PGP) e-mail encryption protocol, Phil Zimmermann, will deliver the opening keynote addresses. More information about the event and delegate bookings is available online at www.securitysummit.co.za or by contacting Denise Breytenbach at (011) 807-3294 or denise@itweb.co.za.
Related stories:
Privacy law still way off
Business at risk from poor governance
Share