Recently, I was asked to give a talk about privacy challenges of the Internet of Things. In the spirit of my “Killing IAM” talk, I give you “Big P Privacy in the Era of Small Things.”
Sorry to interrupt you attempting to set you Facebook privacy settings, but I have to tell you something. I’ve got me a new blog over at Gartner. You can get all my rambling goodness on identity management related stuff over there. As for the rants about privacy, they are likely going to stay here, but you never can tell.
Also, I am thinking of building a new version of Privacy Mirror to use the graph API. Any one have feature requests?
With a case of the volcano blues, I found myself at the International Association of Privacy Professionals Privacy Summit 2010. As I sat in sessions and caught up with customers at this, the largest gathering of its kind, I noticed an undercurrent to the overall conversation. This undercurrent sounded, in some sense, very similar to conversations I have with my identity management customers regarding maturity and metrics.
Privacy has moved beyond the compliance officer and is receiving better representation in business operations. Example of this include an increased presence of privacy practices in
- project and software development lifecycles
- procurement and contracting processes especially with respect to procurement 3rd party services
In some sense this has given privacy, and its closely aligned peer – data protection, more of an outward appearance of risk management than compliance. This is evidence of privacy’s maturation.
But as privacy matures, as privacy is seen for its risk management capabilities, as privacy gets more engrained in business operations, better metrics relating to privacy are needed.
I sat in one session in which privacy professionals talked about the challenges of building dashboards to display privacy metrics. Few could point to meaningful dashboards that they had built. Fewer still felt they had a clear handle on what kinds of questions they should be answering and how they should measure to do so. This challenge relating to measuring privacy lines up with recent research I published on policy governance.
As demonstrated by the size of this year’s Privacy Summit, it is clear to see the privacy profession is growing. The questions and nuanced challenges privacy professionals raised during the week are further evidence of privacy’s maturation. Privacy professionals are searching for more metric-driven ways to represent their efforts and programs especially as they work with their business partners. The results of this search for more tangible things to measure is part of the growing pains of privacy that the industry must endure.
Anyone else not surprised by recently findings from this internal report form the London policy force? The net of it is closed circuit television (CCTV) camera do little to solve crimes. It seems that the success rate is 1,000 cameras per solved crime. Just a few million more cameras and we’ve got the crime thing licked, eh?
Questions that I’d like to see answered are:
- How many crimes were not committed because of the presence of a CCTV camera?
- How many crimes were committed in a different location because of the presence of a CCTV camera?
The first question is impossible to answer. The second can be answered and a UC Berkeley study of the city San Francisco’s CCTV camera efficacy has been released. You can ready about the results here and here. The San Francisco study shows the cameras move crime from areas near cameras to areas away from cameras – no big surprise there.
As I have mentioned previously on Tuesdaynight, trading the feeling of safety (without an actual increase in safety) for an invasive, always-on, 3rd-party-accessible video monitoring presence is a choice that leads to a far more paranoid society, less willing to engage in social behavior and less like the kinds of societies in which we want to participate.