Many countries take the approach that the best ways to solve problems are via regulations. In some cases, that will work. In others, these regulations are simply a penalty that everyone must bear; think TSA. When it comes to information security and privacy laws and regulations, often those perpetrating the crimes are impervious to any or regulation.
In Privacy on the Ground: Driving Corporate Behavior in the United States and Europe (MIT Press - ISBN 0262029987), authors Kenneth Bamberger and Deirdre Mulligan have written a well-researched and compelling study on global privacy practices. In it, they’ve interviewed numerous chief privacy officers (CPO), regulators, engineers and others in the United States, France, Germany, the U.K. and Spain. If you know a CPO, this book should be on their wish list.
Much of the book is spent comparing and contrasting how privacy is done in each of these countries. In addition, the authors show what best practices, regulations, and laws can be most effective.
Data and personal privacy have long been important. With that rise of big data and its ensuing analytics, combined with IoT gathering key pieces of personal data; privacy in 2016 is an imperative.
The goal of the authors with these interviews was to understand what privacy professionals did right and wrong, and create a set of best practices that the reader can implement.
Bamberger is a professor at the Berkeley School of Law, while Mulligan is an associate professor in the School of Information and a co-director of the Berkeley Center for Law & Technology, and as such, the book has a bit of an academic feel.
A key point the book makes is that at the corporate level, privacy isn’t something that can be the responsibility of a single department or individual. The nature of privacy is such that for it to be taken seriously and the underlying data secured; it needs to be embedded into an organizations DNA, and fully integrated into all applications and technologies.
There are a lot of ways to do privacy wrong, which unfortunately too many countries and enterprises do. For those concerned about personal privacy, and how to ensure effective privacy principles are implemented, Privacy on the Ground: Driving Corporate Behavior in the United States and Europe will help get them there.