The Privacy Commissioner of Canada has issued a Research Report entitled Privacy and Cyber Security, Emphasizing privacy protection in cyber security activities which examines a number of aspects of the tension between privacy and data protection and cyber security. The Report identifies and examines the following issues and security challenges:
- Complexity of the connected environment;
- Growing sophistication of the threat;
- Threats are moving to the mobile sphere;
- The “big data” paradox: is it a bigger risk or a solution?
- For many, breach preparedness is still not a priority; and
- Compliance vs. risk-management
The Report then identifies some key areas where an increased emphasis on privacy protection is required to “support, advance and augment cyber security activities”. High on the list of these areas is the inclusion of privacy values in cyber security policy directions at the front end. Cyber security should not be an excuse for massive, undifferentiated surveillance. Much of this approach requires that cyber security initiatives should be integrated solutions that address cyber risks, privacy and information for customers/consumers.
In addition, legislation can be used to provide tools to ensure additional protections for privacy. However, legislative solutions need to take into account the ever-changing landscape of cyber security issues and risks. Legislation needs to be balanced and to recognize the realities of business practices and business requirements as well as the need for protection of privacy.
Dialogue and continuing acknowledgment of the swift pace at which technologies are developing is also a key factor to be considered. Security safeguards need to be a key element of risk management, but privacy does as well and there is a need to ensure that privacy compliance and security are seen as complementary goals.
The Report in a must read for those who are faced with the challenge of integrating cyber security solutions and privacy protection obligations.