Data helps organizations make more informed decisions about how they serve their customers. Data informs policy and procedures and feeds more personalized interaction with people. But with great power comes vast responsibility. The data that organizations hold can be incredibly personal. It's more than just someone's social security number. It is information about where people live, work, shop, keep their money, get their news, and more. Individuals should have control over who knows this information and, if they do have it, how they use it. However, most of us do little to understand our privacy rights beyond blindly clicking a checkbox that allows sites to collect information about our activities.
Data privacy practices ensure that the data shared by customers is only used for its intended purpose. A multitude of laws, including the Health Insurance Portability and Accountability Act (HIPAA), Electronic Communications Privacy Act (ECPA), Children's Online Privacy Protection Act (COPPA), and General Data Protection Regulation (GDPR) have been enacted to provide guidelines to organizations and promises of data privacy to individuals.
Differential privacy is emerging as a leading tool to help organizations meet these requirements and to give individuals more confidence that they are not being followed. Differential privacy practices mean that organizations can collect and share aggregate information about user habits, while maintaining the privacy of individual users. The process includes randomly changing some of the data associated with an individual. These introduced errors make it virtually impossible to compare people's information to determine someone's identity. Of course, this randomization must be done precisely to ensure that the statistics gathered remain accurate.
The issue of privacy is at the forefront of public discourse as more and more data is collected and used to track COVID infections, vaccinations and contact tracing. To stay on top of the latest practices and policy discussion, check out some of these events and resources.
- Identity: Aligning Audits with the Mission (March 25, 2021; Webcast) - Government agencies have touch points to the most sensitive information about citizens, and understandably have regulations in place to secure the privacy and access of those records. One key aspect of addressing regulatory compliance is the agency's ability to protect the integrity of government systems by preventing and detecting unauthorized or inappropriate access. Learn from government and industry experts how effective risk management and internal controls play a role in safeguarding government's most valuable asset - data.
- Oktane21 (April 6-8, 2021; Virtual) - Join like-minded people who understand the pivotal role of identity in our changing world. Meet leaders and practitioners across industries building breakthrough identity experiences.
- Identity Management Symposium (April 21-22, 2021; Streaming LIVE) - The 2021 Symposium will address innovative identity management capabilities that are helping to enhance operational effectiveness throughout all sectors of government agencies.
- The Tech Trojan Horse: China's Strategic Export of the Surveillance State (White Paper) - China aspires to be tomorrow's digital hegemon via the strategic export of its surveillance state to developing and autocratic countries. This paper discusses strategies the U.S. can use to combat growing Chinese influence in the developing world.
- Considerations for Managing the Internet of Things (White Paper) - Many organizations are unaware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices. The purpose of this NIST publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices' lifecycles.
Let us know what resources you've found helpful in understanding privacy. Share your thoughts in the comments.