IT and Privacy Landscape: Areas to Watch in 2008

A recent article by Brian Tretick, titled “IT and the Changing Privacy Landscape: Eight Areas to Watch in 2008”, provides an interesting analysis of the current state of privacy management and suggests eight areas to watch in 2008:

• Information is Power: Keeping Data Classification up to Date;
• Less is More: Minimising the Use of Personal Information;
• Decode or Not Decode: The Evolving Use of Encryption;
• The Three-Legged Stool: Strict Standards for Vendors and Business Partners;
• On the Road Again: Personal Information and the Telecommuter’s Way of Life;
• In Case of Emergency: Having a Plan for a Worst-Case Scenario;
• It’s a Small World: Developing Privacy Procedures for Home and Abroad;
• Building a Better Mousetrap: Keeping Pace with Privacy Management Technologies;
  

This article concludes by saying that “Privacy is a mainstream business issue. These eight areas deserve more than a check-the-box exercise. Each one should be addressed as part of the comprehensive, deliberate management of privacy risk and compliance. Founded on policy and governance, an effective privacy program relies on controls, monitoring, compliance activities and other assurances to keep an effective operation in place.”.

I really tend to agree with this point: in my view, identities and privacy should be more and more considered as key “enterprise assets” and addressed from an “enterprise risk and compliance management” perspective (also see a related post of mine, here).

--- NOTE: my original HP blog can be found here ---