The importance of data privacy for individuals and businesses is becoming an increasingly significant factor in the new era of e-commerce, mobile marketing and the sharing of information. North Carolina experts discuss what state businesses need to have in mind as they secure their data, access personal information and protect key information.
RAIFORD WHAT ARE YOUR THOUGHTS ABOUT THE DISTINCTION BETWEEN PRIVACY AND SECURITY? WHAT IS OWED TO CONSUMERS OR OTHER ORGANIZATIONS IF YOU'RE A COMPANY THAT HAS ACCESS TO THAT INFORMATION?
TOLLERTON I think that's a good place to start, because there is a distinction. Security is how we're protecting data from unauthorized access, whereas privacy includes security, but it's also what we are doing with data that we have authorization to have. Are we transparent about how we're using it? Are we giving consumers rights around what we're doing with it?
I think that, first and foremost, is what we ought to be talking about.
MACKENZIE I Often look at privacy as being the overarching umbrella associated with managing information. Security is certainly underneath that umbrella, but privacy is about the management of information through the entire information life cycle, from the point that it is collected to the point that, hopefully, it is securely deleted.
There's a lot of security along the way, but there are just processes in how you handle that data that are really more privacy-related than they may be security-related.
SPAINHOUR From a legal perspective, there's also the concept of privacy as a right. It's not a written constitutional right, but it is one that is a recognized constitutional right In certain contexts.
I certainly think of privacy as both consumer-oriented and, in certain contexts, rights-oriented. Consumers should also expect to have their data be protected.
RAIFORD SIZE AND SOPHISTICATION OF A COMPANY HAVE A LOT TO DO WITH ITS ABILITY TO DO ALL THE THINGS WE'RE TALKING ABOUT. HOW DOES A SMALL ENTITY OR BUSINESS, WHERE THEY MAY NOT HAVE THE INTERNAL RESOURCES OF A LARGE COMPANY, HANDLE SECURITY OR PRIVACY? WHAT RISKS OR PROBLEMS MIGHT THEY FACE?
DALLAIRE While small companies are inherently more challenged--depending on their capacity from a resource and knowledge perspective--larger companies have the same issue, because it's equal to the volume of data and where that data resides. While a small company might outsource or in-source certain aspects of core systems, larger companies, like banks and insurance, have hundreds of relationships. They've got to know where the lineage of that data sits. So that, in itself, becomes a very constraining resource requirement even for the largest companies, because it scales.
DHILLON tend to agree with that, and what I have noticed--at least in the work that we've been doing--is there's a huge challenge with capability and competence of individuals. We're seeing a vacuum of talent. Irrespective of if you're a large company or a small company, there's a constant need for training and education, which we are not able to keep up with, and that ends up being a challenge. Education and awareness are part of it, but I think the technology is changing so quickly that we need to retrain and unlearn and relearn a lot of things, which is resource-intensive if you think about it.
DALLAIRE You could argue that some fintech companies are very good at what they do and can compete very well in the markets they're in. Traditionally they're small, but they are designed with privacy in mind, so it's not an issue for them. Whereas you have legacy companies that have been in business for a long time, and they have to redesign with privacy in mind or security in the same vernacular, which...