Home Cloud Computing Privacy enters new phase

The era of big data and invisible computing - where just about everything with a chip is connected to the internet - is throwing up an entirely new raft of privacy challenges for organisations according to Microsoft's chief privacy officer Brendon Lynch.

Mr Lynch who has been in Australia to speak at a major international privacy professionals' conference this week said that organisations needed to keep a close watch on customer expectations, shifting regulatory requirements and new technologies and explore the privacy implications at each hurdle. He said that companies, like Governments, also needed to adopt an international perspective in order to protect personal information wherever that data was held including in offshore clouds.

Although the underlying technology landscape was changing Mr Lynch said that the fundamentals of privacy were pretty constant. According to Microsoft's definition; 'Privacy is about the appropriate collection, use and protection of personal information,' said Mr Lynch who has been with the company since 2004.

The core concepts were about 'empowering individuals to have power over and use of their information , transparency and choice.' However the underlying technical landscape had altered considerably in the last seven years and today organisations recognised that; 'Data is increasingly a key driver of innovation - analysing more and more data about people and by people. '

In a wide ranging interview with iTWire Mr Lynch said that when he started in the role at Microsoft, although it already had a privacy agenda and had in 2002 established the Trustworthy Computing unit, there was no discussion of the cloud or smartphones. Also in the intervening years the online advertising ecosystem had emerged with a focus on delivering more targeted advertisements, while search had been enhanced with location aware capabilities.

All of these developments had significant privacy implications he acknowledged. Mr Lynch said that the three pillars on which Microsoft built its Trustworthy Computing initiative were security, privacy and reliability.

End user choice was also critical. 'One of the fundamental issues of privacy is the ability to control information they (individuals) put out and ability to take it down if they want.'

Asked about the US Federal Trade Commission ruling regarding Facebook's approach to its users' personal data, which will see the social networking site obliged to undertake a privacy audit every two years for the next two decades, Mr Lynch said; 'What was interesting about the Google and Facebook settlements was the need to have a comprehensive privacy programme and some oversight of that from an auditing perspective.

'It highlights the need for organisations to have a comprehensive approach to privacy and have that considered at the design stage. Wherever new technology being designed - product or service or new systems within organisations or government agencies - there needs to be an assessment of privacy impact of that.'

Privacy was not just the domain of technology vendors he said - but any organisation with access to or custodianship of personal data.

Mr Lynch also stressed the importance of disclosure in relation to privacy breaches. In Australia privacy breaches of personal data are still not mandated, unlike many other countries.

According to Mr Lynch: 'Generally the more there is awareness of data breaches creates more of a consciousness for privacy - the things people are most concerned about are those (breaches) with tangible consequences - identity theft high on the list.

'It's a good opportunity to focus on consumer education and help people better understand the opportunity and risk of new technologies particularly for younger people.'

He said that under Microsoft's international disclosure policy, Australian users would be informed if the security of their Microsoft held personal data had been breached even though that is not currently mandated.

'We believe that in certain circumstances there should be a notification of data breaches particularly where it has a potential consequence for an individual -sensitive financial information is an example of that.

'Our approach is to notify customers if there has been a breach of sensitive personal information - we do think though that it's important you don't create situation where there is over-notification,' he said. 'If the trigger point is too low people will get over-notified and not be able to work out the one they should be most concerned about.'

Asked whether the next generations of adults, who had grown up on social networks were likely to have reduced thresholds in terms of privacy sensitivities Mr Lynch said privacy remained an individual rather than generational issue. 'I think that privacy is a very individual thing - there are those who say it's changing fundamentally but I don't believe that is true for vast majority of people.'

Mr Lynch said that society divided into three groups - people who were not overly concerned about privacy, people who were deeply concerned and tended to block access to personal information and; 'A large block in the middle who are pragmatic about privacy where there is a value exchange and there is trust.

'That's a core part of our approach - you need to provide the information and choices for people to trust the technology and get value - but for those who want more granular control the systems are there for them too.'


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Beverley Head

my space counter

Beverley Head is a Sydney-based freelance writer who specialises in exploring how and why technology changes everything - society, business, government, education, health. Beverley started writing about the business of technology in London in 1983 before moving to Australia in 1986. She was the technology editor of the Financial Review for almost a decade, and then became the newspaper's features editor before embarking on a freelance career, during which time she has written on a broad array of technology related topics for the Sydney Morning Herald, Age, Boss, BRW, Banking Day, Campus Review, Education Review, Insite and Government Technology Review. Beverley holds a degree in Metallurgy and the Science of Materials from Oxford University and a deep affection for things which are shaken not stirred.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities