As RSA Conference 2016 draws near, I’m excited to see that privacy is at last getting its day in the sun. This topic has often seemed like an after-market add-on at the conference in previous years. Last year, in fact, most of the booths at RSAC were touting the fact that they had security AND privacy, but when pressed, privacy usually meant encryption. Fortunately, that has changed.
Why? The huge data breaches of last year, particularly those affecting the healthcare industry and the federal government, exposed more than 100 million records containing private, sensitive information. These events brought home the reality of how vulnerable our data remains and how fragile our cherished privacy has become.
Another key reason for the emphasis on privacy stems from the ongoing debate over whether governments should be allowed a surveillance “backdoor” into encrypted applications.
Other, global factors are at work as well. As financial markets are softening, organizations are turning to information technology as a means to extend, enhance and grow business. This is leading to a focus on creating new privacy enablers. And the recent terrorist attacks in Europe have led to questions about the level of information law enforcement and governments need to keep citizens safe without completely compromising individual privacy.
I’m looking forward to adding my voice to this important discussion at RSA Conference 2016. I will take part in two sessions:
- Privacy, Security, IT and the New European General Data Protection Regulation: The final draft of the European legislation gives regulators the power to levy fines of up to four percent of global profits on breached entities. That’s a huge wake-up call for organizations, but there’s no need to panic. The goal of this session is to help organizations prepare for this new regulation, securely manage and share information, and ensure that IT, security and privacy work better together.
- Can Government Encryption Backdoors and Privacy Co-exist? Is It an Oxymoron? This session promises a lively debate on whether government encryption backdoors and privacy can co-exist. Here’s a quick preview of my stance: A door is a door. Where you create an elaborate system of additional complexity on top of an already complex system, you are introducing risk and a new threat surface for both the attackers and people you think are lawfully entering the environment.
I hope you can join me at RSAC for one or both of these sessions, as coming to a workable solution regarding privacy will require much thoughtful discussion. Now is not the time to be shy! Let your voice be heard – including in the comments section below.