Being both a certified CISO and DPO, I am often met with issues that involve cyber security and privacy, where the connection is uncertain and where, instead of a fine line, there is a translucent line separating the two subjects.
I believe the question “Is this a privacy or cyber security issue?” is becoming more and more common, that more and more organisations are concerned with this question, and I believe it will grow, causing an increasing weight over organisations willing to maintain a certain standard and not fully understanding where the liability and responsibility stand.
The article below is an attempt to start dissipating the fog over the two subjects and I estimate I will issue a few more in the future.
Let’s start at the beginning: theoretically, cyber security and privacy are not related.
Privacy discusses the person, the person’s rights, the person’s identification and information concerning their person, as well as limitations: what society, or more precisely, organisations, owe the person to allow those rights. This is more or less the concept of privacy (very roughly speaking).
Cyber security refers to the intangible world of ‘the Matrix’ (excuse the cheesy comparison). It discusses bits and connections, communications, encryptions, protocols and platforms, as well as countless other non-tangible concepts that only exist in a different realm.
So, again: theoretically – no connection.
Except… there is.
And the connection is, in a nutshell, that all your information, every single piece of information about you, from your ID and health information to your shopping preferences and the last trip you took, is in the cyber realm (or ‘the Matrix…’).
People use less pen and paper than they used to, and consumers use less ‘cash’. The Federal Reserve Bank Services issued a comprehensive study (the first of its kind since Covid-19) analysing payment forms. We can see there is an increase in what I would refer to as non-tangible payment forms (online/remote/card use). It is an interesting statistic, and from my personal experience I can testify that people around me don’t need to have wallets with cash and cards anymore; they use ‘smart wallets’ on their phones.
The research is fascinating and I encourage anyone to read more into it (Link to the research).
This non-tangible approach goes beyond payments and refers to much simpler concepts like pen and paper. One of my colleagues confessed to me recently that he hardly remembers how to write manually. As he stated himself, “I just don’t have that need and haven’t had it for several years now. Everything I do is on the computer or my pad”.
A quick summary of the above will be that if we take the two theoretically unrelated subjects and put them in this equation (which, after Covid-19, has greatly increased), we can start understanding the magnitude of the issue.
The world of privacy, yours and your children’s, is present in a non-tangible realm. At home you lock your passport in a closet – maybe under key – but when you have a scanned image of it on your computer – how do you protect it? At home we put pictures of our children in an album or in a box, but we also put them on FB/Instagram/Threads/another social network in a fully public profile where anyone and everyone can see them.
So is it a privacy or cyber security issue?
I think it’s both. I would consider it a privacy concern to solve in a cyber security form. The international privacy legislation discusses cyber security measures on a regular basis due to their understanding of the need. As a CISO I run into issues where the legal authority (DPO) is the one in charge of the private information security but they have no understanding of how to do that, and as a CISO I am technically not supposed to do that.
This is why I am tackling it as a new term: PRIBERTY (yeah, a little cliché, but it’s catchy 🙂).
I will use my next article to discuss further how we can divide the two subjects and protect ourselves better.
Be safe,
Yours Truly
The Green Hat