Finally after couple of protests, few thousand lost members and coverage on CNN, Facebook Privacy policy is back to where it was. Not that the earlier one was any good – but better than “Facebook owns all your data” statement.
(0)Tag Archive for 'privacy'
As if appointment of Rod Beckström as director of National Cyber Security Center (NCSC) was not foolish enough, Bush administration couldn’t help tolerating Mr Chertoff’s ideas of privacy. In a public appearance at Canada, he attempted to explain how fingerprints are not his idea of personally identifiable information (personal data). What people, especially those who handle security, must understand that personal data can not be described by confidentiality alone.
What most people do not understand is the difference between personally identifiable information and confidential information, or as Schneier puts it ‘the difference between personal data and secret data. To put it simply, personally identifiable Information (PII) refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. It has little to do with confidentiality of the information on its own. Postal codes/ zip codes and fingerprints are few such examples of less-confidential personal data.
Indian government either needs a session on risk perception. It has this tremendous capacity to recognise a threat from a cow to a smartphone.
The way things are turning out in India, we will soon see DoT ordering NIC to maintain a national mail server where all our emails will be mirrored and scanned for keywords that reflect terrorism. Atleast people can look up to NIC to snoop around in other’s email and ask for backup just incase an email is deleted from their servers!
The last few years have seen alarming rise in demand for security products and services within India especially related to data security. Be it firewalls, VPN boxes and encryption solutions, or ISO 27001 and SOX consulting, the demand has only increased. There is not one reason amounting to this growth. Contractual clauses for BPO segment have become harsher. Fear of data breach within companies has increased. Salesmen (or Pre-Sales consultant as they are known these days) have mastered the art of selling expensive yet ineffective solutions. And so on. But do the solutions protect private data of consumers better than before? Probably not to the extent it should be protected. And yet, there are not as many cases of privacy violation in cyberlaw courts in India as one thinks there would be. The problem with Indian way of securing information and assuring privacy is many folds. Continue reading ‘Learnings from India: How not to secure personal data’
I am Sumeet,an information security enthusiast, crazy about Coffee, iPod, everything mac, travelling, consuming rss and eating. I work for a large consulting firm where I usually rant about security best practices.