At the “The Debate Between Security and Privacy Continues: Where Do We Draw the Line?” panel at ALM’s 2016 CyberSecure conference in New York, privacy and security experts spanning government, corporations, and law firms raised key questions about how companies, individuals, and law enforcement interests can balance their needs to secure data across these policy lines.

Moderator Mauricio Paez, partner at Jones Day, explained that there is a significant gap between policy and regulation implemented at the state level and the “ground level”: the people who deal with that policy in their work, from chief information officers at large companies and law enforcement agents all the way down to individual users.

Sachin Kothari, director of online privacy, compliance and standards at AT&T, said that this disconnect often stymies growth for large companies. Because policy demands specific protocols for data structures and housing, Kothari said that companies struggle to adapt to developments in data streams like Internet of Things (IoT) technology.

“It can really hamper and limit companies from being able to secure user data,” he said.

Additionally, Kothari noted that data regulation intended to protect user privacy can also hamper company innovation around new data streams. “There is a challenge to protect data and implement new technology,” he said.

Panelists somewhat agreed that current policy around information security and regulation can create some unnecessary challenges. Because of the complexity and confusion created by current information security regulations, many companies feel they need to call in legal reinforcements to cope with extensive and perhaps excessive amounts of regulation.

“You need to have a good understanding of privacy law, because you’ll feel like your hands are tied,” Kothari added.

Bill Sieglein, founder of the CISO Executive Network, said his work as a CISO requires a balancing act. In investigating breaches, the CISOs Sieglein works with are looking to identify potential sites of a breach. In doing so, though, “you might be stepping on privacy’s toes,” he said.

Amie Stepanovich, U.S. policy manager for D.C.-based global digital rights advocacy group Access Now, said privacy and security should be considered less as conflicting interests and more as partners in policy. “They should work together,” she said. “There is a mutually beneficial relationship between privacy and security.”

Law enforcement’s access to user and company data has garnered increased scrutiny over the last few years, but panelists largely agreed that law enforcement have a key role to play in data security.

Paez suggested that law enforcement need substantial, if not universal, access to data across privacy lines because of their protective role. “It’s about guarding data from unauthorized access and use,” Paez posited.

Stepanovich added that user privacy is a “fundamental human right” and should be the foremost concern in developing policy around what data law enforcement can access. Though encryption does prevent law enforcement agencies from gaining full access to all data at any time, Stepanovich said there could be more problematic consequences to creating data security infrastructure with built-in holes for law enforcement to gain universal access.

Instead, Stepanovich suggested the legal industry shift the discussion around this issue toward helping law enforcement protect against breaches and identify cyberattackers, rather than simply bulldozing privacy safeguards like encryption. Law enforcement need to “get the data they need to solve crimes, not to bypass encryption,” she noted.

Mikhail Dvilyanski, supervisory special agent of the cyber branch of the FBI, agreed with Stepanovich’s assessment, but urged audience members to consider what security problems could arise when law enforcement is unable to properly investigate certain breaches or crimes.

“We should think about the implications if we say that law enforcement is not able to get certain data,” Dvilyanski said.


Gabrielle Orum Hernández

Gabrielle Orum Hernández is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez.