Technology headlines over the last few days have emphasized a developing story in which a US judge has ordered Microsoft to comply with a search warrant. The warrant, issued in connection with a drug-trafficking investigation, requires Microsoft to identify and produce electronic mail records hosted on a server in Ireland. Microsoft has appealed the order, and many of the most competitive tech companies are joining forces to make the same arguments in the appeal. Apple, Cisco, AT&T, and Verizon have all filed papers arguing the better course of action is for the US government to ask Ireland, pursuant to an existing treaty, to seek and produce the evidence. Press reports indicate Microsoft (and, arguably, the other companies) base their position on …
This week, I sat down with the CEO of a boutique information security consulting shop who is reading the draft of my book. What he shared with me was humbling, but worth sharing.
First, he explained to me, the author, that my book is not really about digital trust. Instead, my book explains, in an entirely new way, how human beings make decisions to trust. Sure, we make trust decisions about digital information, he acknowledged, but the book presents a valuable way of understanding how any decision to trust is made, how information is relied upon to make each decision, and how the rules for making those decisions are far more important than the emotions we often associate with trust.…
It will be my pleasure to contribute to this year’s conference (cfp.org). But it is exciting because I will be speaking for the first time in public about the content of my new book. I will be introducing, and applying to the challenges of privacy, three provocative new insights that are at the foundation of the new architecture presented in the book for crossing the chasm between regulatory ambiguities and the precision in execution required by our machines. Hope to see you there!…
Recently, searchcompliance.com invited me to comment on whether the Digital Age requires companies to toss their entire 20th century records management programs and technologies out and start fresh with information governance for digital records. In fact, there are a number of important features of vintage records management programs worth keeping. To find out which ones, just click on their link above (may require free registration to access). …
Sitting in a health information privacy conference today, I heard a new term—“body score”. The speaker explained it is just like your credit score, an overall score assigned to the condition of your body. It is an easily imagined output of big data analytics applied across your overall health and medical records, interpreted against 100,000s of other similar accumulations. So, just imagine you have a body score, and even sub-scores for your various functional body parts—skin, liver, lungs, blood system, brain, muscular strength, flexibility—and disease vulnerabilities.
How would this affect your life? Imagine trying to buy regular potato chips and the cashier says, “I’m sorry but we cannot process your debit card for the potato chips.” Or you try to …
The Internet of Things is a great noun. In just three words, it describes an entirely new generation of interconnectivity among the devices with which we intersect in our daily lives—toasters, refrigerators, ovens, HVAC in the home, pet monitors, baby monitors, televisions, sound systems, smoke alarms. The Internet of Things installs in all of these appliances connectivity to the Net and the Cloud, enabling you better electronic control and, as reported in many sources, increased surveillance of how you live your life. Consumption patterns, usage patterns within the home, food preferences, sleeping styles, and on and on. But the Internet of Things also invites malicious actors—hackers that intrude electronically. One story I saw this weekend reported hacking into a baby …
Why is privacy such an enormous headache for companies? For centuries, knowing your customer has been an essential requirement for success in commerce. Each evolution in business is shaped by an improvement in the capacity of companies to better identify their customers and how to best create products and services that align to the customers’ profiles. Collecting information about a customer is how companies create new wealth—the information enables the companies to produce something that customers will value. The economics are simple: the more useful a product proves to be in meeting a customer’s needs, the more value the customer is prepared to pay. For most customers, sharing information with suppliers is part of the negotiation required to secure the best …
Recently, the legal industry media included a story on the success of a law firm in building trust with its clients. The story described how the international law firm had determined that publishing financial statements about its condition and performance would enhance the trust clients placed in the law firm. Interesting story, I mused, so I clicked. Lo and behold, the law firm was the institution from which I walked away from the practice of law in 2006.
The law firm’s website features videos of its chairman describing their perspective and values. The key element that jumped out at me was transparency. Though the law firm is a private legal entity with no obligation to publish its financial performance, the …
Last week, the European equivalent of the US Supreme Court issued a controversial decision. A Spanish citizen petitioned the court to require Google to remove information from its search results about the citizen that related to a 1998 government-ordered auction required to recover debts the citizen owed. The information was published, and still accessible, on a Spanish newspaper’s website; the court concluded that information could be retained there by the newspaper as part of the “media”.
Google is not a newspaper, but the court concluded Google does collect and process personal data and, for that, is to be classified as a “data controller” under the EU privacy and data protection directives. As such, data controllers have an obligation to remove …
In the last week, several online news sources were publishing analyses about the challenges of structuring compliance. One writer observed that, across different industries, compliance executives were facing common compliance challenges. Another analyst talked about the perils and uncertainties of potential compliance with differing legal rules for what will be required to build and maintain effective information security. But no one is talking about the real monster in the room—the capacity of the computer to serve as the definitive, objective, and authoritative witness.
Take a quick look at the headlines announcing virtually any new enforcement action or agreed settlement, whether in the United States or any other nation—time and again, the government agencies are building their case and prosecuting compliance …