Preventing Privacy by Design from Becoming a Privilege:
Cybersecurity: Privacy is a theme that has remained consistent throughout history across all human societies regardless of culture, religion, or ethnicity. It has been an area that is professed by religious scriptures and by the human intelligentsia.
However, with the increasing transformation of societies alongside the digital sphere, we are observing increased privacy risks caused by the overcollection and processing of personal data. Privacy subject matter experts have advocated the need to bake privacy into the design as a fundamental ingredient rather than dressing it up on an established product or service. However, organizations are still battling with the challenges of adequately embedding privacy into the design aspects of the developed product or service.
The real issues creep up with the lack of substantial and objective controls to be implemented within products or services. The abstract nature of the privacy principles allows escape routes for the product or service designers to interpret these principles in their own manner and claim to have adequately baked privacy within their services or products.
In a quest to make personal data not linkable with reasonable efforts by the threat actors, it becomes necessary to alter the architecture by moving away from centralized service architectures to partially or fully decentralized service architectures. As we decentralize, there is an increased need for computational resources and for human resources to manage additional service domains, which ultimately adds to the overall product or service cost.
Such challenges impair the smaller organizations’ capabilities to commit themselves to privacy by design in their products or services. Additionally, organizations also rely on off-the-shelf software, and the underlying architecture in terms of database and applications is a complete black box to them; therefore, the privacy risks cannot be adequately ascertained or addressed unless the products have been certified against international privacy standards.
Currently, we are collectively standing at a crossroads where the abstract nature of controls and principles creates a cushion for threat actors to circumvent privacy. There is therefore a dire need to add more nuance to the privacy controls, making them verifiable and capable of being objectively assessed; otherwise, we may run into a territory where Privacy by Design might be reduced to a privilege.
Muneeb Imran Shaikh is an Information Security & Privacy Consultant with a forte in Strategy, Program Development, Governance, Risk, and Compliance. Based in the Middle East region, he has worked with different clients from the financial, governmental, and telecommunication sectors to help them in developing and implementing Cybersecurity and Privacy programs in accordance with their regulatory, legal, and compliance requirements.
He is an avid reader with an eagerness to help people and network with other energetic professionals who value diversity, inclusion, and the importance of emotional intelligence in the work environment. He is a strong proponent of creating a healthy culture that values Stakeholder Engagement, Mutual Respect, and Emotional Intelligence. He has contributed his knowledge and expertise through various writings, podcasts, policy reviews, and conference appearances. Some of his major contributions include a Review of Pakistan’s Cybersecurity policy in 2021 and his two papers on cyber threat intelligence.