Is there a way to really help manage online privacy?
Today’s post is contributed by John Sabo, Chair, OASIS IDtrust Member Section Steering Committee and Director of Global Government Relations at CA Technologies. John will be addressing the OECD High Level Meeting on the Internet Economy: Generating Innovation and Growth, taking place on 28-29 June. Ministers, internet experts and internet economy business leaders will discuss and adopt shared principles for a continued open and trusted Internet.
How can businesses and policy makers address data protection and privacy issues when innovation spurs the creation of new Internet technologies and business models every week?
It’s not as if the policy and technology communities are sitting on their hands. Major organizations such as the World Economic Forum have published studies bringing attention to the issue, for example, examining privacy and cloud computing. The work underway to revamp the European Data Protection Directive is a significant effort. Likewise, government initiatives, such as the U.S. National Strategy for Trusted Identities in Cyberspace, prominently include data privacy as a core component. And in the technical community, we see initiatives designed to enhance privacy and trust in federated identity systems, such as those sponsored by the Kantara Initiative and the Open Identity Exchange. Unfortunately, while valuable, ad hoc initiatives represent an incomplete path for actually delivering Internet-scale online privacy and trust.
It would be naïve to argue that there is a simple, elegant solution to these problems. But there is a path forward, which is the greater use of the expertise and resources of standards development organizations that are addressing privacy risk management issues from a framework-level perspective. ISO/IEC is developing a privacy framework (ISO/IEC 29100), a privacy capability assessment framework (ISO/IEC 29190), and a privacy reference architecture (ISO/IEC 29101). In the OASIS standards organization, the Privacy Management Reference Model Technical Committee, which I co-chair, is developing a standard that will address systemic, lifecycle privacy management and provide a tool to help manage contextual privacy policies and requirements.
You can follow the discussions via live webcast at: http://oecd.streamakaci.com/IE/