Report Suggests Growing Interest in Universal Privacy Laws to Facilitate Big Data

5 Nov 2014 by Christine Kern

A man touching a virtual cloud

Data Heat Protection Map Development Reflects Need to Create Privacy Laws

According to a new survey from Cloud Security Alliance and sponsored by Cisco, there is burgeoning interest in creating a universal set of privacy laws. The study, “Data Protection Heat Index Survey Report (2014),” demonstrated overwhelming support for a global consumer bill of rights, global themes regarding data sovereignty and the Organization for Economic Cooperation and Development (OECD) principles as facilitating the trends of Internet of Things (IoT), Cloud and Big Data.

Data privacy considerations are often overlooked in the development phase of Cloud, IoT and Big Data solutions as being too difficult to address. Historically, data privacy experts and the information security industry at large have focused on deviations between different regions, instead of the similarities, which could encourage more effective collaboration.

As growth of big data and ubiquitous computing changes the global landscape, individuals still have the right to expect privacy of their personal data as used by companies and governments. This study demonstrates that privacy by design is an essential component of fundamental privacy protection. It can help manufacturers and vendors engineer much more effective solutions, better meet regulatory compliance standards, and save time and money upfront, while protecting their reputations from negative press resulting from data breaches.

The Cloud Security Alliance tested the existence of universal data privacy and data protection concepts and the extent to which these can be drivers for global co-operative efforts around Cloud, IoT and BigData. The alliance surveyed more than 40 of the most influential global Cloud security leaders regarding current international data protection standards and demands. The Data Protection Heat Index Survey Report was structured in four parts. The findings revealed that privacy and data protection principles have the potential to play a positive role in the development of Cloud, IoT and big data solutions.

Many organizations struggle with issues around data residency and sovereignty. However, there was a common theme of respondents identifying “personal data” and Personally Identifiable Information (PII) as the data that is required to remain resident in most countries.

Responses indicated a universal interpretation of the concept of lawful interception with responses such as: “The right to access data through country-specific laws if the need arises, i.e., data needs to be made available for a cybercrime investigation.” Surprisingly, when asked how critical privacy is to employee trust, 25% responded “neutral” to “low importance.”

Of the respondents, 73% indicated there should be a call for a global consumer bill of rights and furthermore saw the United Nations as fostering that. This is very significant given the harmonization taking place in Europe with a single EU Data Privacy Directive for 28 member states, as well as with the renewed calls for a U.S. Consumer Bill of Privacy Rights in the United States.

Finally, responses overwhelmingly agreed that OECD privacy principles that have been very influential in the development of many data privacy regulations also facilitate popular trends in Cloud, IoT and Big Data initiatives, or cause room for tension.

Raj Samani, chief innovation officer for Cloud Security Alliance, stated: “Beyond data protection regulations, understanding the expectations of privacy is an important component in maintaining trust and assurance in the digital age. The work done to develop a data protection heat map is a strong indicator as to those expectations, and should be an important component in the provision of digital services.”