New CSA Survey Reveals Emerging International Data Privacy Challenges; Discrepancies Illustrate the Demand for Data Protection Harmonization
By Evelyn de Souza,Data Privacy and Compliance Leader, Cisco Systems
According to a new survey from Cloud Security Alliance sponsored by Cisco, there is a growing and strong interest in harmonizing privacy laws towards a universal set of principles. Findings include overwhelming support for a global consumer bill of rights, global themes regarding data sovereignty, and the OECD principles as facilitating the trends of IoT, Cloud and Big Data.
Data privacy considerations are often overlooked in the development phase of cloud, IoT and Big Data solutions and put in the “too hard” basket. Historically, data privacy experts and the Information Security industry at large have focused deviations between different regions, instead of the similarities, which could encourage more effective collaboration.
The Cloud Security Alliance tested the existence of universal data privacy and data protection concepts and the extent to which these can be drivers for global co-operative efforts around Cloud, IoT and BigData. We hand-picked over 40 of the most influential cloud security leaders worldwide for their insights on existing international data protection standards and demands. The Data Protection Heat Index Survey Report was structured in four parts and the findings were highly indicative of a positive role that privacy and data protection principles can play in the development of cloud, IoT and big data solutions.
Data Residency and Sovereignty
Many organizations struggle with issues around data residency and sovereignty. However, there was a common theme of respondents identifying “personal data” and Personally Identifiable Information (PII) as the data that is required to remain resident in most countries.
Responses indicated a universal interpretation of the concept of lawful interception with responses such as: “The right to access data through country-specific laws if the needs arises, i.e. data needs to be made available for a cybercrime investigation.”
73 percent of respondents indicated that there should be a call for a global consumer bill of rights and furthermore saw the United Nations as fostering that. This is very significant given the harmonization taking place in Europe with a single EU Data Privacy Directive for 28 member states. As well as with the renewed calls for a U.S. Consumer Bill of Privacy Rights in the United States and cross-border privacy arrangements in Australia and Asia.
Finally we explored whether OECD privacy principles that have been very influential in the development of many data privacy regulations also facilitate popular trends in cloud, IoT and big data initiatives or cause room for tension. The responses were very much in favor of facilitating the various trends.
The Data Protection Heat Index survey findings indicate a shared interest in incorporating emerging privacy principles into new solutions versus trying to retrofit existing solutions. The survey report includes an executive summary from Dr. Ann Cavoukian, Former Information and Privacy Commissioner of Ontario, Canada and commentary from other industry experts on the positive role that privacy can play in developing new and innovative cloud, IoT and Big Data Solutions. Download the Data Protection Heat Index survey report. Please tell us what you think by posting your comments below.
Where do you see opportunities for broader industry co-operation around data protection and data privacy?
Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing industry blueprints to help organizations embrace the cloud securely and ensure data privacy in an agile manner. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn previously co-chaired the CSA Cloud Controls Matrix working group and played an integral role in guiding its development and evolution.