[Privsec] what shall we do in in Athens?

karen banks karenb at gn.apc.org
Thu May 25 12:06:36 BST 2006 

hi ralf

I had a chat with a few people who suggested we work on a proposal 
for a separate workshop on privacy and security - if possible, 
building in elements of the proposal for a global privacy forum (but 
obvisouly we wouldn't have as much time as we'd like) - but, that we 
try to identify some other stakeholders who might partciipate - 
particularly from industry, the OECD and the DTI (UK)

I think that taking a MS approach would give us a better chance of 
having a proposal accepted.

Also, that there is much resistance from some in industry to link 
privacy with security in any way, shape or form. To that end, i asked 
simon davies to put together some talking points for folks who were 
in geneva - that would speak to industry

I've attached those comments at the end of this message - remember - 
these were written to try to influence 'business' reticence to 
address privacy in relation to security..

So, i think it would be good from the outset, to get some sympathetic 
industry people on board in developing the proposal - and i'd suggest 
we try to work through simon who now has very good connections with 
some industry people in this regard..

this is not to suggest we don't submit other proposals along the 
lines you're suggesting  - i'd be happy to help out, but would prefer 
we get simon in particular, on board, and suggested as a speaker.

karen

Date: Tue, 23 May 2006 13:21:24 +0100
Subject: Privacy points
From: Simon Davies <s.g.davies at lse.ac.uk>
To: karen banks <karenb at gn.apc.org>

Hey Karen,

A few points re the privacy/security and business stuff.

Cheers

Simon


Privacy, security & business

Over the past few years the private sector has substantially reviewed 
its approach to privacy issues, adopting a perspective that privacy 
and security are interwoven. There are a number of indicators that 
highlight this trend of thinking:

  - Business organisations in the field of security such as the 
Information Security Forum (representing some 200 Fortune 500 
corporates) adopted privacy as a core business concern from around 2001.

  - Over the past five years the number of privacy organisations in 
the business sector has more than doubled. The Enterprise Privacy 
Group, for example, formed in 2003 now has a membership that includes 
Microsoft, HP, Verisign, RSA and Sun, all of which are active in 
developing best privacy practice for their organisations.

  - Privacy is now viewed by forward looking companies as a key 
component in the development of trust and the maintenance of consumer 
relationships. Privacy breaches increasingly create PR problems for 
companies (e.g., Googles Gmail service).

  - Equally, the creation and promotion of best practice in privacy 
is widely seen as central to consumer take-up of new online services, 
such as online banking.

  - Increasingly, major corporates are calling for better regulation 
of privacy. In 2005, for example, Microsoft called for a US privacy law to
govern personal information held by the private sector.


General overview points:

Privacy is a concept that is fundamental to society

Apparently minor breaches of privacy can result in major incidents: 
people care passionately about this subject

Commercial relationships are built on trust.  A breach of privacy can 
destroy that trust, and in turn destroy the relationship

Respect for privacy is therefore essential for the maintenance of 
commercial and consumer relationships

The need for privacy is becoming mandatory under law and 
sector-specific regulations

More information about the Privsec mailing list