Privacy and Cybersecurity Risk Management in the Post-Snowden World
Privacy and cybersecurity have become major topics for risk management in the wake of high-profile data breaches and the revelations of Edward Snowden. This speech by globally-prominent privacy and cybersecurity expert Peter Swire explains the current and upcoming landscape for risk related to privacy and cybersecurity.
In the speech, Swire draws on insights from his role as one of the five members of President Obama’s Review Group on Intelligence and Communications Technology, the so-called “NSA Review Group” whose recommendations became a major source for the USA-FREEDOM Act and administration policy changes in the wake of the Snowden revelations. A major focus of the report was how changing information technology is forcing organizations in the public and private sectors to adapt in the ways they manage cybersecurity and privacy issues.
For privacy, changing technology is leading to a “second wave of global privacy protection,” with the upcoming adoption of the General Data Protection Regulation in Europe and multiple legislative and regulatory changes in the United States.
The speech explains the effects on policy and risk management from technological drivers such as: Internet of Things; Big Data; location tracking; pervasive social networking; and comprehensive tracking of web surfing by the advertising eco-system.
For cyber-security, the Snowden leaks are part of what Swire calls “the declining half-life of secrets.” Organizations, both public and private, are having to adapt to data breaches and other information technology changes that increase the revelation of secrets in far shorter times than was previously true. Without the ability to depend on keeping things secret, organizations have to pay more attention to the “front-page test” – how actions within the organization will look once they are known to the press and the public. New types of cybersecurity and other risks face organizations in this changing information technology setting.
In short, the speech provides the big picture on changes in privacy and cyber-security, and how organizations need to understand changing technology to address the growing risks in these fields.