FOREWORD - Handle with Care
Telcos ignore data protection at their peril, says Lynd Morley
In the wake of the recent fiasco of a UK Government department managing to lose the personal details of 25 million individuals - described as the country's worst ever data protection breach - it is worth noting that, for some time now, there have been many warning voices about the fragile state of data protection, and the risks attendant to data loss, not least of which is the massive potential for identity theft and fraud.
But the subjects of data protection, security, privacy and identity management just don't stand a chance of being "sexy" in the fast moving, competitive, high-octane industry that telecoms now believes itself to be. I was astonished, at a recent conference, when discussing the use of personal information gathered about network users for marketing purposes, to be told by a pretty senior telecoms player that "customers don't really care about what we do with their data".
Yet there are those, within the industry, who are clearly concerned - and have been for some time. Witness, for instance, a report earlier this year from law firm Linklaters' Technology, Media & Telecommunications Group. Entitled Data Protected, it stresses that in a EU market of half a billion people, it is increasingly important that businesses address compliance with data protection legislation in a systematic way.
"There is a risk that any such compliance programme will take its impetus from the more exotic and media-friendly issues such as the passenger name records spat between the EU and US, and the dispute over the disclosure of banking payments to the US Department of the Treasury," notes Christopher Millard, Partner at Linklaters. "However, in reality, it is no more likely that the EU's 27 national data protection regulators will make any serious attempt to close down the global banking system than it was that they would try to stop planes flying across the Atlantic and, although ad hoc enforcement action by individual regulators can't be ruled out, the only practical solution is for a deal at an inter-governmental level."
Millard goes on to comment that, with the above in mind, organisations should concentrate on the issues they can control and really should be doing something about - if they aren't already buttoned down. Among his suggestions for attention, is the need to get people to take information security seriously. Millard explains that, by forcing organisations to regulate themselves by sending warning notices to individuals who might be at risk of identity theft following security breaches, US State legislators appear to have stolen a march on the EU with its often bureaucratic approach to regulation. The European Commission has consulted on whether breach notification rules should be introduced in the EU, starting with telcos and ISPs.
Millard further suggests that priority might be placed on "stopping people doing stupid things with e-mail." He notes that despite all the publicity surrounding ‘smoking gun' e-mails, many organisations still seem to have a cavalier attitude to e-mail and, worse still, instant messaging. Many don't bother to deploy appropriate policies, training, software tools or disciplinary procedures.
However, judging by the furore following the UK Government's lapse, there are signs that enterprises and their customers are becoming more aware of the issues, and more concerned about privacy and identity theft. The Enterprise Privacy Group, for example, has noted growing interest in the concept of ‘Information Brokers' to help users control their personal data. As customers do gain understanding of the issues, it would be an unwise company that didn't address privacy and identity concerns.
www.linklaters.com
www.privacygroup.org
Share this article with others
Post to del.icio.us
Printed from http://www.eurocomms.com/features/112042/FOREWORD_-_Handle_with_Care.html
Comment on this article
Skip to comments
We encourage users to analyse, comment on and even challenge European Communications's articles, including the one above - 'FOREWORD - Handle with Care'
User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site.
Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. We will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site.