Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, August 15, 2007

On Privacy Enforcement Technologies (PETs) …

I would recommend reading a recent post published in “Blog*on*nymity: blogging on the Identity Trail”, titled “PETs are Dead: Long live to PETs”.

The author provides an interesting analysis of Privacy Enhancing Technologies (PETs) from different perspectives:
  • PET as a personal tool/application
  • PET as a security technology
  • PET as a data minimisation tool
  • PET as expressing the Fair Information Principles

The author also discusses some of the current reasons that have slowed the adoption of PET technologies, in particular within enterprises; stresses the importance of not just focusing on applications but also having a more “holistic” approach; and suggests reasoning in terms of privacy-enhancing technologies that enable PETs.

Having worked for a while in the privacy management space (e.g. on privacy-aware access control and privacy-aware information lifecycle management), I tend to agree there are adoption barriers (in enterprises and organisations) when talking about PET technologies/approaches/architectures/solutions. Enterprises and organisations tend to make privacy-related decisions based not necessarily on technologies/solutions but primarily on risk management and cost/benefit analysis.

Most current enterprise privacy management approaches focus on “human processes” and “compliance checking” aspects, i.e. identifying if and when privacy policies/laws have been violated and reporting/reacting to violations. Obviously this approach is showing its limits, considering the increased number of identity thefts and privacy violations.

In the medium/long term the attention might indeed turn to PET technologies, but I think that to make this happen there should be stronger “financial+accountability” consequences for privacy violations: this might happen if privacy laws/legislation are “shaped” in the same way SOX legislation is for corporate governance …

--- NOTE: use this mirror blog to post anonymous (un-authenticated) comments ---
