Technology continues to transform business. That’s not new.
However, getting a handle on the new technology that is transforming business is critical to transforming how organizations need to manage privacy.
These technologies are not only changing business, they are changing who and what has custody and control over personal information.
Devices that can contain information are increasingly prevalent; they are used for both work and home purposes, blurring the lines between the two, and result in ceding of control over the devices and the information to employers, service providers and others. These devices are increasingly networked, resulting in the addressability of previously unconnected devices. More and more are becoming “smart” and interactive.
In addition to these devices, there is a proliferation of repositories for personal information on the web, and of new ways to provide interconnectivity and interaction. This means that there is more personal information in more places under the control of more entities.
New rules are expected related to specific techniques and technologies, such as with behavioral tracking and advertising on the internet, the use of radio frequency identification (RFID) applications and the implementation of the Smart Grid. These emerging technologies will bring specific regulatory and self-regulatory requirements to govern their implementation.
Finally, cloud and utility computing afford new economies and efficiencies to information processing, but it spreads the custody and control of personal information well beyond the organization’s traditional boundaries. The result is that information about people is held in a variety of logical and physical objects, and controlled by a variety of entities.
These technologies are not only changing business, they are changing who and what has custody and control over personal information. They are changing the way that organizations manage privacy.
Ask yourself
As your organization expands its use of new technologies and architectures, have you:
- Determined how you will adapt your privacy risk management to address the risk related to the loss of direct control and custody over personal information?
- Actively begun to address the regulatory compliance and control impacts over mobile devices and cloud computing?
