Tech Leaders Call for Global Harmony on Privacy, Security
In the borderless digital world, tech and finance companies can get tangled up in a web of laws and regulations on privacy and data security.
Fri, January 27, 2012
CIO — For large multinational companies, or even smaller outfits with modest aspirations of foreign expansion, the patchwork of global laws and regulations governing security and privacy can present a major compliance challenge.
It is small wonder then that a group of executives from major technology and finance firms, gathered at George Washington University's law school for an event to mark Data Privacy Day, lamented the overlapping and often conflicting security and privacy landscapes their firms must navigate.
"I think that we still have quite a ways to go," said JoAnn Stonier, global privacy and data protection officer with MasterCard Worldwide. "It's really still a challenge, the lack of consistency."
MasterCard, with operations in more than 200 countries, often finds itself dealing with regulatory or law enforcement authorities overseas who ask the credit card firm for a level of cooperation that would actually run afoul of that country's own privacy restrictions concerning data sharing or other sensitive issues, according to Stonier. That puts the company in the strange position of educating a regulatory body about the rules and policies of its own country.
Paul Otellini, Intel's president and CEO, echoed those concerns. In a pretaped video message prepared for Thursday's event, Otellini touted the advances that private sector players have made in privacy and security, including his own firm's efforts to embed security into the microprocessor, but acknowledged that "there is also a government role," though still warning against overly prescriptive remedies that could curb the pace of innovation.
"Precisely because technology and the threats it faces are always changing, we need laws that protect individuals long-term. These laws and regulations ought to be technology-neutral. They should protect individuals even as our technology evolves," Otellini said.
"And if it's going to work on a global scale, the regulators of the world need to harmonize standards so that laws are crafted to go beyond a single market or a single country," he added. "Cybercriminals do not respect borders."
Stonier noted, cautiously, that she is "hopeful" about a gradual meshing of the legal and policy regimes: "I think we're seeing regulators talk more."
European Union Addresses Privacy and Security
Earlier this week, the European Commission took the first step in what could be a major overhaul of its own privacy and security policy frameworks, as European Union Justice Commissioner Viviane Reding unveiled a proposal to update the body's 1995 Data Protection Directive, the set of privacy principles that have been the law of the land dating to the early days of the commercial Web. While many provisions in Reding's proposal would differ dramatically from U.S. laws and regulations, they would seek to create consistency within the European Union. Even as 27 member states have adopted the 1995 directive, it has been implemented inconsistently, leaving firms with a presence across Europe dealing with different sets of rules.