Skip the navigation

Can privacy be saved? Maybe

By Bill Brenner
September 14, 2010 01:24 PM ET

CSO - Thanks to the explosion of social networking and all those nifty Web apps people use to bank and shop online, the bad guys now have an endless supply of attack vectors to steal personal data. In fact, some security industry experts have declared privacy dead.

Whatever the case may be, companies are increasingly under the regulatory gun to keep customer, employee and supplier data safe from prying eyes. At the CSO Security Standard Tuesday, attendees got a taste of what General Electric is doing to meet the challenge.

Also see "CPO and CISO: A comprehensive approach to information"

Nuala O'Connor Kelly, senior counsel and chief privacy leader for GE, started with a question for the audience: What is privacy? Answer: The right-ability to CONTROL how your personal information is used.

The trick for GE is the same as it is for most organizations -- how to achieve security without setting off animosity someone might feel about being violated.

An example of the delicate balance is the new TSA body scanners. We want to be safe on the airplane, but we don't want to be the one to walk through those new, very revealing scanners. This can present a challenge for companies that rely on extensive business travel.

In the world of social networking, the privacy is in the user's control in that they have a choice as to which details they include in something like a Facebook profile page. In that case, people have a habit of revealing too much on their own. In a sense, they are happily giving up their privacy. The thornier problem for companies is in how much information employees might put out regarding the business. The legal side of the house is therefore absorbed with making new rules on what kind of company information can be shared in the social networking arena.

Also see "Six ways we gave up out privacy"

Then there's the growing array of mobile devices people use for both personal and work activities. Companies face the challenge of letting those devices in while at the same time making it clear what kinds of company data is and isn't acceptable to share.

Though there's no one-size-fits-all manual for dealing with these issues, GE took one major step O'Connor Kelly believes has made a major difference: Bringing the legal and IT security sides of the house closer together.

O'Connor Kelly has worked with GE Chief Information Security Officer Grady Summers to get there, launching a GE Information Governance Council that combines the strengths of IT and legal, reviewing information management and policy issues holistically across the data life cycle.

Originally published on www.csoonline.com. Click here to read the original story.
This story is reprinted from CSO Online.com, an online resource for information executives. Story Copyright CXO Media Inc., 2006. All rights reserved.
Our Commenting Policies