Three Security and Privacy Predictions for 2012

Posted on December 29, 2011


Leigh Nakanishi, Account Supervisor at Edelman

It’s that time again: time for retrospectives and predictions for the upcoming year. With that, I figured that I would share a few of mine for privacy and security communications.

Increased Regulatory Scrutiny and Enforcement in the United States

As noted in an earlier post from September, it seems unlikely that comprehensive privacy legislation will pass next year; however, concerns about privacy among policymakers and regulators will continue to increase. In place of legislation, we are likely to see several hearings about privacy incidents and the companies responsible. For instance, following the discovery of the information collected by Carrier IQ, Senator Al Franken sent a letter to the company demanding that it explain its practices, in the process creating a significant negative news cycle.

The absence of new laws also means we are likely to see the Federal Trade Commission bring more actions with its current enforcement powers. We already saw this trend start with the consent decree with Facebook and several other regulatory actions against lesser-known companies. Having heard from both Commissioner Julie Brill and Chairman Jon Leibowitz on multiple occasions, it’s clear that there will be increased scrutiny of privacy practices.

Location Privacy Will Continue to Concern

Location-based services were a hot privacy topic this year, with several researchers examining just how location information is used by applications and devices. In July, the discovery that Apple stored location information on iPhones unencrypted caused a media and policy storm. At the same time, several efforts are underway to address the privacy implications of location-aware applications through privacy by design principles. For instance, the privacy think tank the Future of Privacy Forum launched an application privacy resource center that provides tools and guidance to developers on how to protect privacy when designing applications.

The phone serves as a key link between people’s online and offline worlds because it is always on us, and that brings several promising uses as well as privacy concerns. We are likely to see continued innovation on this front and, with it, new privacy questions that companies must address through clear and concise communications.

Highly Public Security Hacks Will Increase

This year saw the rise of hacktivism, with Anonymous and Lulz Security greatly increasing their campaigns against companies, organizations and governments around the world. The tactics used by these groups are not new; we’ve seen data breaches and Denial of Service attacks for some time. What is new is the very public nature of these incidents. Unlike cyber-criminals, who like to keep their attacks out of the limelight, hacktivists are looking to shed as much light as possible on their exploits to raise visibility for their cause, and they’ve been very effective. Using social media to spread the news, hacktivists have captured the media’s attention.

In turn, these new highly public attacks have changed the speed and methods with which companies must communicate when experiencing a breach. Oftentimes companies learn of the breach at the same time the public does, requiring them to act more quickly than ever before to understand and explain the situation. With Anonymous’ #AntiSec campaign still in full force, it’s likely we will continue to see these types of incidents.

Posted in: Privacy, Security