PREDICTIVE intelligence
Championing privacy-first security: Harmonising privacy and security compliance
Emily Hancock, Data Privacy Officer at Cloudflare, tells us the key to ensuring data privacy lies in the implementation of effective data security.
The conventional perception often pits security against privacy. Establishing robust security measures involves identifying potential threats, yet this process may involve scrutinising sensitive or personal data, posing a risk to privacy.
In truth, the key to ensuring data privacy lies in the implementation of effective data security. A meticulously crafted, privacy-centric security program not only provides substantial advantages to any organisation but also mitigates potential privacy concerns.
Security vs. privacy misconception
The notion that security and privacy are in conflict arises when these two concepts are taken to their extremes. Within this perspective, any potential access to sensitive data is perceived as a breach of privacy, something to be avoided at any cost. Embracing this viewpoint significantly hinders the effectiveness of security programs in identifying and addressing potential threats.
Take, for instance, the realm of network traffic analysis. Packet inspection, a crucial tool in corporate cybersecurity, is commonly implemented through firewalls, seen as a fundamental security measure in various jurisdictions globally. By scrutinising the content of network packets, it becomes possible to detect potential malware infections, data exfiltration, account takeover and other threats.
However, from a privacy standpoint, concerns arise when packet inspection involves personally identifiable information (PII) or other sensitive data. From a privacy absolutist perspective, a preference is often given to end-to-end encryption with no packet inspection. On the surface, these two viewpoints – ensuring necessary security and safeguarding personal data – may appear incompatible.
Nevertheless, regulators emphasise that providing reasonable security is crucial for protecting data privacy, as evident in numerous privacy regulatory enforcement actions against companies experiencing security breaches. We believe that data privacy and security leaders can reconcile the apparent conflict between security and privacy absolutism, but it necessitates adopting a different perspective on data privacy and security altogether.
What are the potential threats?
Both data security and data privacy programs are founded on the core principle of risk management. Aligning the objectives of these programs entails examining the conceivable threats to an organisation’s data. For any entity handling personal data, ensuring the security and privacy of such information is paramount.
A primary concern within a data security program is the possibility that security solutions might inadvertently access personally identifiable information (PII) and other sensitive data while carrying out their functions. These tools, which could include email scanners, network packet analysers, or file inspection systems, may inadvertently come across such confidential content.
Another significant risk to both corporate and customer data is the potential exposure to cybercriminals. For instance, contemporary ransomware tactics involve stealing and disclosing sensitive data if the targeted company refuses to pay the ransom. Even compliance with the ransom demand offers no assurance that the data will be erased and won’t be disclosed.
Emily Hancock, Data Privacy Officer at Cloudflare
WWW.INTELLIGENTCISO.COM