A joint paper released by Canadian Information and Privacy Commissioner Ann Cavoukian and Deloitte & Touche LLP, provides corporate executives with suggestions for developing strategies for information security and privacy protection.
The Security-Privacy Paradox: Issues, Misconceptions and Strategies examines the complex and often misunderstood relationship between the disciplines of information security and privacy protection.
"The evolution of the computer from a passive, mechanical record-keeper to an interactive, networked transaction manager has dramatically increased the volume and variety of personally identifiable information collected by organizations," said Commissioner Cavoukian. "This capability for high-speed, high-volume processing and dissemination of personal information creates the potential for substantial risks - as well as large-scale opportunities - associated with information security and privacy protection. However, you must address both - never just one. While information security and privacy do overlap, at times they may appear to contradict. In preserving one alone, companies can do serious damage to the other."
The joint paper helps to clarify the security-privacy paradox for senior executives and other professionals. The paper:
- Describes and illustrates major characteristics, points of difference and areas of overlap between information security and privacy protection;
- Addresses issues and misconceptions that can lead to wasted money, time, effort, conflict and, all too often, inappropriate measures and programs; and
- Recommends and prioritizes business, organizational and technical approaches that are cost-justifiable and can be beneficial in reaching regulatory compliance.
"For those companies that can effectively master building a foundation of trust between themselves and their customers the rewards will be significant. In doing so, companies must effectively address information security and foster an environment that protects customer privacy," said William Levant, Global Privacy Leader, Deloitte & Touche. "The creation of trust in this on-line business world is what can give one company a competitive advantage over another."
The Security-Privacy Paradox cites examples of approaches that work, and those that have failed. In its concluding Roadmap for Successful Strategies section, it offers 16 key steps for smart businesses to follow.