Do you feel the US Patriot Act, and EU Data Legislations are in conflict leaving end users, and businesses confused as to their expectations of Privacy?
Privacy, like control, is an illusion. Like the infamous conclusion of the computer in the 1984 movie “War Games”, the only winning move is not to play at all. If you really want privacy in today’s global, hyper-connected world, you almost have to keep your data to yourself.
That goes for both individuals and corporations who are increasingly frustrated and confused by conflicting regulations and laws regarding who can access what data from where, when and for what reason.
The US PATRIOT Act and EU Data Legislations are a perfect example of two pieces of legislation that appear to conflict with one another, but in reality is simply different views on the same reality: your data is subject to disclosure to some government entity. What entity that is depends on myriad factors including which government, ultimately, has jurisdiction over your company and over your data.
One of the truisms that makes the Internet work is the standardization of protocols; the definition of how devices and applications communicate with each other and the underlying tacit agreement that there is some governing body that has what we call in role-playing games “rule zero”. Rule zero simply states that when a conflict regarding the rules arises, the game master (who runs the game) shall be considered the final arbiter. His (or her) decision is final.
When it comes to governments and legislation, we don’t have a “rule zero” or an agreed upon governing body that sets the MUST and SHOULD rules for how legislations interact and interoperate. Because of this, organizations (and consumers, too) are left to wonder just who has access to their data, and under what circumstances.
Right now it’s the US PATRIOT ACT and EU Data Legislation, but tomorrow there be a third conflicting legislation from another country, or new regulations that cause more confusion regarding the sanctity of an organization’s data privacy. Organizations must, therefore, assume that some entity will be able to legally claim access to your data no matter where that data might be stored, and plan accordingly.
Lori MacVittie | F5, Sr Product Manager | @lmacvittie
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.