Collaboration is key to ensuring digital data security

The iPad is the latest addition to a variety of mobile devices that can change the way we interact with people, businesses and, in some cases, government....

The iPad is the latest addition to a variety of mobile devices that can change the way we interact with people, businesses and, in some cases, government. It is a device designed for a world where people want to make the process of participating in modern society that little bit slicker.

But it is not the devices themselves that have grabbed attention - it is the number of applications available. The growth in software able to reduce daily processes to automated functions is exponential. Last month Apple saw its billionth application downloaded through the App Store. It is an indication that we are quickly moving towards a truly digital society - an environment in which consumers, businesses and government have total confidence in digital technologies to support their daily processes and systems.

This presents huge opportunities to streamline previously cumbersome processes, make consumers' lives easier and reduce the cost of running businesses. These are important benefits but they also present some nasty challenges, mainly because turning these opportunities into reality can make it more difficult to protect people's privacy.

There are problems here for everyone.

Companies that gather and store data - often referred to as data controllers - now have to secure increasingly vast amounts of information. A society in which digital systems are part of the social and commercial fabric generates vast quantities of data. According to research firm IDC, 1,200 exabytes of digital data will be generated this year. That is the equivalent of ten billion copies of Computer Weekly. Storing that amount of data securely requires the rapid development of new technology that goes way beyond current storage systems.

Citizens may enjoy the ability to pay for concert tickets with the click of an icon, but they remain horribly exposed by the current legislative framework if a data breach occurs. Under recent changes to the Data Protection Act, individuals can only claim compensation if they can prove financial loss from a data breach. This is incredibly difficult and provides no route for compensation for the emotional distress caused by data privacy attacks. Today no suitable route exists for individuals to hold data controllers to account. This means they have to rely on the regulator - in this case, the Information Commissioner's Office (ICO) - to seek redress. Considering the ICO's fines are limited to £500,000, the impact on large companies, if they are negligent, is tiny.

Both of these create a unique challenge for the next government. It is down to the administration to create the appropriate legal, regulatory and technical environment in which people and businesses can benefit from the advantages of new technology while feeling protected from the threat of privacy attacks.

The mistake government must avoid is to think it can deliver this environment on its own; it cannot. It needs to work with every community that has a stake in the outcome. It needs the help of privacy lawyers to craft legislation that considers the best way to protect citizens, business and the state. It needs to work with consumer groups to appreciate the way people perceive the issue of privacy so it can respond to the public's wants around information security. And it absolutely must consult with leaders from the technology industry to better understand how today's technologies work, how they are used, and how they are expected to develop.

Only then can policy-makers truly understand how to act as the decision-maker in a digital society. Only then can it build a framework in which that society can thrive through new technology, without constantly looking over its shoulder to see where the next data privacy breach is coming from.

Tony Dyhouse is director of the Cyber Security Programme at the Digital Systems Knowledge Transfer Network, and part of the team delivering the A Fine Balance privacy conference on 8th June.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.