The data protection dilemma

THE CHALLENGES of data protection and privacy are actually the same problem, viewed from the quite different perspectives of companies that depend on vast pools of customer information to compete effectively, and the individuals whose privacy is being incrementally stripped away to provide it.

At an event on Tuesday, Rishi Maharaj hosted a group of IT and legal professionals at an all-day seminar that considered these challenges from the institutional perspective, with more than a slight nod to the issues that face the individual users being asked to submit ever more robust profiles of personal information just to do business with online and nearline businesses.

So it was a bit surprising to find no representatives from the private sector at an event which spoke directly to the management and legal responsibilities that will be expected of them in caretaking their most valuable asset in 2019.

There were representatives from government ministries, NGC and the SEC, which suggested a welcome appreciation in governance of the requirements that are likely to shape global data-sharing in a post GDPR world.

The General Data Protection Regulation 2016/679 has already influenced thinking outside its European implementation zone in legislation governing data handling.

Conversations about a Caribbean version of the legislation (http://ow.ly/GoC630ocIyl) are still in the very earliest stages, but the broad requirements seem clear for businesses and governments right now.

Event host Maharaj worked on the Freedom of Information Act and the Data Protection Act in his 12 years in government service. The two acts, he noted, encompass the essential challenge of data, the first dealing with transparency and accountability from the perspective of the individual and public, the other with management and government responsibility for collecting and storing that data.

He was joined during the day by Darren Mohammed, Microsoft country manager for TT; Dr Ann Cavoukian, privacy protection expert; Margaret Rose-Goddard, an attorney with a focus on procurement governance; and Shiva Bissessar, cybersecurity consultant.

Mohammed acknowledged Microsoft’s hope that the region would unify its efforts to create regional data-protection legislation, but would meanwhile work on reinforcing its central message – trust. The company, which Mohammed said had bet its future on cloud services and was doing quite well on that basis, is guided by a quote from CEO Satya Nadella, “Businesses and users are only going to embrace technology if they can trust it.”

The Microsoft manager had many messages for his audience, but at their core is the company’s willingness to fight, within the law, to protect customer data from intrusions both legal and illegal, while taking a determinedly hands-off approach to customer data sets.

In cybersecurity alone, the company has invested a billion dollars in hard US cash in R&D and employs 3,500 security professionals, protecting against five million malware threats per month.

Rose-Goddard, presenting via videoconference, interrogated the nuances in the conflict between the private interest in keeping things confidential and the duty to protect and the public interest in the right to know, the conflict between transparency and confidentiality

“What is of interest to the public and what is in the public’s interest can be quite different things,” Rose-Goddard said. “Just because it is reported in the media does not guarantee that it is in the public’s interest.”

Something that last week’s rash of “buck” stories amply demonstrated.

“People think that cybersecurity is an IT problem, but it’s an organisational risk-management issue,” Bissessar said. “It’s at the intersection of privacy and security that we find the protection of personal information.”

Mark Lyndersay is the editor of technewstt.com. An expanded version of this column can be found there