Privacy: Just Make It Easy
In this episode, host Ashwin Krishnan sits down with longtime friend of the podcast Malcolm Harkins, Chief Security and Trust Officer at Cymatic, and Chris Pierson, CEO of BlackCloak. They discuss the intertwined relationship between security and privacy and how the two need to be balanced. Malcolm explains, “when those two things are out of kilter, it’s like turning two magnets opposite to each other and they polarize.” It is not possible to protect just one area; it must be a multi-pronged approach: privacy, security, identity.
Chris goes on to explain why security and privacy controls cannot be left at work. Executives and their personal devices and digital activity present a soft target for attackers and must be guarded 24 hours per day. He sees three aspects to the management of privacy and security. First, consumers must understand the context of these in managing their digital footprint and identity. Second, they must decide how much they are willing to share. Third, and hardest of all, is actually executing controls. Unfortunately, we are our own worst enemy: reusing passwords, storing financial data on apps in the cloud, and so much more.
While CCPA has given Californian residents control of their data, opting out has proven so time-consuming and laborious as to be discouraging. The sheer volume of data and the number of companies that hold it is daunting and overwhelming. While we may have good intentions about securing and tightening our privacy perimeters, few of us are motivated to do what is necessary. Facebook is a prime example: many disagree with its privacy policies but few have abandoned the platform.
Chris and Malcolm blame the corporations. For too many, regulatory compliance is just a checkbox. Yet embedding transparency, ethics, and decency in corporate culture presents a branding opportunity for enterprises. While it may not be a business driver (yet), it could be a huge differentiator. As Chris points out, “there’s a business value, a business sale in trust, in goodwill, in your value of your name and brand.” More and more, consumers are purchasing from companies with principles they share. The enterprises that are open about the data they have, how they use it and protect it, and crucially make their terms and conditions easy to understand are the ones who will benefit from consumer trust.
- 01:30 — Corporate cybersecurity doesn’t end when the executive leaves the building.
- 04:20 — There are three parts to understanding data privacy: context, willingness to share, and execution of controls.
- 05:25 — Privacy controls and security controls need to work together in harmony.
- 08:31 — There must be a continuum of privacy controls and security controls across work and home.
- 09:42 — You can’t tackle just one area, you have to tackle them all together: privacy, security, identity theft, etc.
- 10:44 — People disagree with how privacy is handled by the big companies — but then don’t do anything about it.
- 11:30 — People expect the safety systems in their digital life to be as automatic as they are in other areas of life – but they aren’t.
- 12:50 — It is tough for the average consumer to cope with cybersecurity and cyber hygiene, especially when they cannot trust the security products to fulfill their promises.
- 16:52 — Regulations are just a checkbox for most companies. Worse, for some they are a process to be cheated.
To hear more on privacy, listen to our podcasts Global Differences in Privacy and Regulation with Cat Coode and Is it Time for Consumer’s Technical Bill of Rights with Brian Vecci.