Privacy in the Era of Social Media and Cloud Computing

Posted by Peter Cullen
Chief Privacy Strategist

I
have been actively engaged in privacy issues for over a decade, first
at the Royal Bank of Canada and now as Chief Privacy Strategist for
Microsoft since 2003.

During that time privacy has rarely
received as much attention as it’s getting now.  Mainstream media from 
Good Morning America to USA Today regularly have stories about
everything from shifting online privacy policies to unauthorized
collections and use of personal data.  At the same time, some in the
tech industry have suggested that social networking and other new
technologies are making privacy obsolete.

Given the high level
of interest, I’m pleased to be in San Jose this afternoon to deliver the
keynote address at the Computers,
Freedom and Privacy
conference.

Microsoft has been working
on online privacy issues since launching MSN in 1994.  We’ve had our
challenges along the way, but we’ve learned from our mistakes and
privacy has become increasingly central to everything we do.

Earlier
this year, in a speech at the University of Washington, Steve
Ballmer said: “As a mature and responsible organization, we have got to
lead with privacy.”

And this is very much Microsoft’s goal.  To
apply what we’ve learned in the past around privacy to today’s rapidly
evolving landscape of social media, information flows and the cloud.

One reason we are focused on privacy is because it still very much
matters to our customers- it remains a matter of “trust.”

While
social media may be pushing the boundaries around privacy and altering
certain behaviors, heavy users of social media – including young people
who some claim don’t know better —  value and fiercely protect their
right to privacy.

A Pew Internet and
American Life Project survey on “Reputation Management and Social Media” released
at the end of May indicated that young people are actively working to
protect their privacy online. 

Governments around the globe are
also updating their privacy laws or implementing new privacy statutes
where none previously existed.

These trends have put privacy
under a microscope and sent companies worldwide a message that
governments, consumers and civil society both expect and demand
accountability around data privacy.

To Microsoft,
accountability is not just an important concept in this world of
exponentially growing data flows.  It is a critical governance principle
that organizations need to live by.

A perceived lack of
accountability is what has frustrated consumers, regulators and
advocates with some of the recent high-profile privacy missteps. 

A
“No harm, no foul,” approach is simply not going to cut it in the
current environment.

Under an accountability governance model
for organizations, a company must:

  • understand the risks
    to individuals that come with processing their data and mitigate  those
    risks
  • ensure that their processes do indeed safeguard
    their customer’s data, and
  • be transparent and answerable
    for their strategies to identify and mitigate risks.

Likewise,
it is simply not enough to retrofit privacy protections into existing
products and services. Rather, privacy protections must be incorporated
into every aspect of product development, from design through
deployment.

Fundamentally, innovators have a responsibility to
mitigate risks in new technologies and services by architecting strong
privacy and security safeguards throughout every product’s development
and deployment cycle.

We are following these principles as we
develop products and services and to help maximize the benefits of cloud
computing while protecting privacy.

In the
context of privacy the challenges of the cloud have a lot to do with
where data sits and who has access to it. These challenges are not new,
as consumer and business data have been sitting ‘off-premise’ in a
variety of situations for years.

For privacy professionals, the
cloud represents the latest evidence that technology will likely always
outpace policy. For instance, the data aggregation enabled by the cloud
not only creates rich targets for bad guys, but also heightens a range
of privacy and jurisdictional issues.

Today, more than ever,
policymakers and regulators need to think and act both locally and
globally. The borderless state of cloud computing finds itself at odds
with the world of physical boundaries and multiple sovereignties.

We
believe that we need to think about these issues in the context of new
responsibilities.

Not only does industry need to innovate and
develop new technologies to protect the network, it needs to create
better tools to empower users so they can choose how they want to
interact with the cloud.

These truly are issues that no one
company, industry or sector can tackle in isolation. So it is important
to start these dialogues in earnest and include a diverse range of
stakeholders from every corner of the globe.

!–more–>