Slashdot Mirror

← Back to Stories (view on slashdot.org)

RSA: Learn About the International Association of Privacy Professionals (Video)

Posted by Roblimo on from the peek-a-boo-you-can't-see-me dept.

Today's video is an interview with the Corporate Alliance Director and the Chief Technology Officer of the International Association of Privacy Professionals (IAPP), a non-profit organization that claims it is "...the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data." In other words, it's not the same as the much-beloved Electronic Privacy Information Center (EPIC), but is -- as its name implies -- a group of people engaged in privacy protection as part of their work or whose work is about privacy full-time, which seems to be the case for more and more IT and Web people lately, what with HIPAA and other privacy-oriented regulations. This is a growing field, well worth learning more about.

23 comments

  1. There's privacy? by simplypeachy · · Score: 4, Informative

    A visit to their homepage helpfully tells Comodo, Twitter, UserTrust and Google about your visit and drops several cookies, some lasting one or two years. But it's OK - it all goes via SSL so it must be good for privacy.

    1. Re:There's privacy? by Dins · · Score: 2

      The "Platinum Members" listed at the bottom of their site include: Accenture, AstraZeneca, Capital One, Deloitte, Ernst & Young, Edelman, HP, Intel, KPMG, LexisNexis, Microsoft, Ponemon, Promontory, and PWC.

      Now in the great /. tradition, I did not read TFA nor watch TFV, but I doubt the listed companies truly have our privacy best interests at heart.

    2. Re:There's privacy? by fuzzyfuzzyfungus · · Score: 1

      A visit to their homepage helpfully tells Comodo, Twitter, UserTrust and Google about your visit and drops several cookies, some lasting one or two years. But it's OK - it all goes via SSL so it must be good for privacy.

      The very existence of 'privacy professionals' as a thing is largely predicated on a rather...tense...view of privacy: specifically, that we will generate and store a fuckton of data about you; but then we'll hire a guy to make sure that the data are only accessed in compliance with HIPAA and/or after the payment has cleared...

      They are really more 'transparency compartmentalization' than 'privacy'.

    3. Re:There's privacy? by fuzzyfuzzyfungus · · Score: 1

      They are essentially pimps with respect to privacy: It's not that they have your good at heart; but they have a very strong interest in making sure that only paying customers get access.

    4. Re:There's privacy? by Synerg1y · · Score: 1

      I'm a bit jealous, these people were able to spin a brand new role out of virtually nothing, but there's a giant elephant in the room here, what happens when the privacy professional gets breached? I doubt they're any special, or have a crystal ball for predicting zero days, so say they get breached, your data is compromised... you're getting sued by your customers... you go to sue the privacy firm, who closes doors and goes chapter 7. I would rather throw my data in the cloud lol. At least you can then sue amazon or something.

  2. Days of privacy are over with technology... by blahplusplus · · Score: 1

    ... and the likes of stupid tech illiterate people. Look at how willingly people put their public data online on facebook and linkedin, etc. The whole idea of privacy is something that can't be put back in the box. It only takes one stupid person who doesn't understand technology to post a pic or say something on facebook to reveal something about you directly or indirectly.

    Now especially with the likes of google and others having developed techniques to identify people from non-anoymous and pseudononymous data. Google's whole business revolves around identifying you and things about you to advertise to you. Hell even your IP address + a few tweaks is enough to identify and/or narrow down who you are massively for most users.

    1. Re:Days of privacy are over with technology... by Dishwasha · · Score: 1

      Reminds me of the few times that I've read of somebody "anonymously" posting a picture about a crime they committed online, but they failed to realize that the picture had embedded date/time and GPS coordinates which the police used to very easily isolate and track them down.

    2. Re:Days of privacy are over with technology... by TaoPhoenix · · Score: 1

      Right, I don't even know who to reply to, all the early comments are hitting useful markers in the discussion, and it's a big complicated mess. It's full of "chief compliance officers", supposedly people whose jobs do "sorta" depend on not blundering too badly.

      But then other people are remarking on the de-anon of data, "Platinum Members", cookies and web beacons "that provide functionality", a shameless admission of Google Analytics (really?! they couldn't grow their own?!) and more.

      This story and this entire group feels ripe for Flamebaiting. And maybe (gasp do I dare say it?) Anonymous.

      "Privacy organization got hacked and their entire database of members is in the wild". Oops.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    3. Re:Days of privacy are over with technology... by Jane+Q.+Public · · Score: 1

      "Days of privacy are over with technology..."

      I think I have to call BS here. Our privacy issues are far more due to our shitty laws than they are due to technology. It would be trivial to outlaw tracking, pixel bugs, etc. if only the American people had the will to do it. Technology, per se, is not the villain here. Congress is.

    4. Re:Days of privacy are over with technology... by blahplusplus · · Score: 1

      The problem isn't with the laws, even if you fixed the laws there's no way it's enforceable. If you're not on facebook but your sister is and your sister inputs data that links back to you. It's trivial to gather more when other indirectly leave breadcrumbs. When people publicly expose themselves on the net they don't fully grasp what that means technologically. So although YOU might be careful with your data other people can expose you indirectly so it becomes unenforceable very quickly.

    5. Re:Days of privacy are over with technology... by Anonymous Coward · · Score: 0

      Yes...
      1.) There would have to be better laws to protect privacy in the first place,
      2.) there would have to be the willingness to enforce better laws, - AND -
      3.) people would have to THINK AHEAD before legally allowing the distribution of new technologies and those thoughts would include these considerations:
      a.) what will be the ramifications a given new technology?
      b.) will a given new technology actually enhance our life or will it alter our life in unpredictable, unintended, or other ways that only *truly* favor the likes of kabals and profit-making entities? and
      c.) how will the society integrate a given new technology and create enforceable laws with respect to that new technology (in fact, shouldn't the systems-under-design be designed with this in mind in the first place so as to be self-enforcing a standard of caution towards how they may affect our lives)?

      With an approach of foresight (vs. hedonism) towards new technologies, these technologies could be designed addressing the concerns that we, the techno-wise, perceive before the technologies are released to just everybody and anybody.

      Remember, there was a day when my public library, which now holds dozens of computers, once only had 2 computers in a back closet and I was the only one using either of them *all* day. Now dozens of computers are in high demand during all hours of the library. Why? Not because all those people are as interested in computers as I was when there were only 2 computers. But because these computers have become a supplemental form of communication for everybody and anybody, even if there's no sincere interest in computers. And people who are *not* interested in computers aren't *really* aware of the dangers and the carelessness behind the implementation of the technologies they're using to communicate with. Instead, those people have promoted hedonism in the manufacturing of new "toys" (i.e., technologies) that are serving to undermine a human-based humanity.

      We humans have become the tools and the supposed tools (technologies) have become the users, as a general result.

    6. Re:Days of privacy are over with technology... by Jane+Q.+Public · · Score: 1

      "If you're not on facebook but your sister is and your sister inputs data that links back to you. It's trivial to gather more when other indirectly leave breadcrumbs."

      The example you give is such a tiny fraction of the big issue that it can safely be ignored. If you don't like it, just don't use Facebook. End of problem.

      The big privacy invader that is done often without people knowing is tracking.

      And an anti-tracking law would be very easy to enforce. Tracking is ridiculously easy to detect. If there were an anti-tracking law, then people would know and trackers would get caught.

      Besides... it is currently against the law in the U.S. to track anybody under the age of 13. But nobody has been checking ages, and nobody is enforcing it. This should be troubling to everyone.

      If it is illegal to track anyone 12 or younger, and there is no way for trackers to determine age, then they ARE breaking the law, right and left, and must be stopped. It is far past time people stood up and did something about it.

  3. Dice? by Anonymous Coward · · Score: 0

    Is this more Dice nonsense? I don't recall the Slashdot of the past being keen on telling me about a "company" in a "field" that's "worth learning more about." This is like the kind of educational bulletin I would find on my employer's employee intranet site. "We're pleased to announce that we're partnering with GoatseTech. After five billion years in the exploding field of Making You Click Unfortunate Links, GoatseTech is a company worth learning more about! *Link to GoatseTech's 'CEO Profile' page*"

    1. Re:Dice? by TaoPhoenix · · Score: 1

      It might be. After all, they managed this lack of proof-reading:

      " The IAPP is always looking for dynamic, self-motivated individuals to join our team. ... There are no positions available at this time. Please check back soon."

      So, "always" looking for ... creative values of "always".

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    2. Re:Dice? by admdrew · · Score: 1

      Yeah, I avoid pretty much all of Roblimo's posts. Even if they're note Dice-specific, they're all slashvertisments that are rarely interesting.

      --
      LegendMUD
  4. Privacy fail by Dishwasha · · Score: 1

    If you've heard about them, then they aren't any good at what they do.

  5. "Learn about the IAPP" by sideslash · · Score: 1

    I don't just want to learn about them. I want to know their names, where they work, where they live, the stuff they buy at the grocery store. Everything.

  6. Re: a rather...tense...view of privacy by TaoPhoenix · · Score: 1

    ... And once you go down THAT path then it becomes a Zork maze of twisty passages and onion layers that would *make you legally insane* *during* your trial for something. "So, you belonged to the association of privacy professionals, and then you sold some of your data for cash to marketers, and then after that your database got hacked... remind the court exactly what you used to do again for a living?"

    (And since that group is full of general counsels, this is commentary, opinion, and cast in a hypothetical future tense, etc etc.)

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  7. Dice Holdings' spam of the day! by Anonymous Coward · · Score: 0

    Good old Roblimo, sending out the Dice Spam of the Dayâ for us all.

  8. {metric fucktons} or {imperial fucktons} of data? by girlinatrainingbra · · Score: 1

    a question about units... is that a "metric fuckton" or an "imperial fuckton" of data to which you are referring?
    ;>)
    Of course, along with having HIPAA compliance goes two types of caveats: you can accidentally and unmeaningly waive your right to privacy by signing up with a non-covered entity such as Google health, (that link is to the privacy concerns portion). Even though Google health is kaput, others are following in the wake of privacy obliteration. The other caveat is the sharing of data with "partners", who are loosely defined.

  9. Re:{metric fucktons} or {imperial fucktons} of dat by t4ng* · · Score: 1

    Add to that, that many people mistakenly think that the 'P' in 'HIPAA' stands for Privacy. It does not. It stands for Portability. There are only vague references to data privacy and security in HIPAA. It is mostly about making data portable between organizations to make it easier for insurance companies, hospitals, doctors, lawyers, etc. to share your medical and financial information. Your local clinic could still be using unencrypted wifi. They could have a server in their closet that gets stolen and as long as it did not have more than 500 patients worth of data on it, they don't even have to report it!

    Do yourselves a favor, always use a fake SSI number with doctors. Don't argue with them that you don't want to give your SSI to them. Just give them a fake one. They have no legitimate use for it, and all doctors offices I've seen are very lax with security, so you could just be saving yourself from identity theft. But forget about having any chance against the lawyers if an insurance company decides they don't want to pay for your treatment. They have access to your entire lifetime of medical and financial information to trump up some sort of excuse not to pay.

  10. Woeful lack of interested people replying by Anonymous Coward · · Score: 0

    I have been into encryption and encryption programming for several years now and find that most people are woefully ignorant of the need for keeping their affairs inaccessible. Even the stock and commodity brokers I deal with don't have, or sometimes even know about, PGP/GPG programs and keys to keep our communications private. Shame, shame, Slashdoters for your puny interest and replies.

  11. Re:pimps Well said by Anonymous Coward · · Score: 0

    But who are those paying customers? Besides the obvious.. Advertisers I am guessing are the primary buyers..

    I found there answers to be smoke screens, sadly few people know what these companies are really about. I found it funny the seem to justify selling you off, but find nothing wrong with it "hey it could be worse we could give it away", thanx I feel more relieved...knowing you have my back by not giving it away, but making them pay for it. And I get nothing for it. If I am going to be Pimped out I want my percentage..

    If your talking about medical research or the like, there is really no need for this type of recorded data to be given out, the next fear would be DNA data of a patient being sold off as well, DNA being a key to researching how or why a person is not reacting to treatment. Or why a person does react, or a patient that does not exhibit any kind of flaw towards a disease. This stuff should be heavily regulated, and kept face to face with a patient willing to allow such info to be used.

    I do not see tech companies using this to get there products right or an "idea" of want people want. People do not know want they want to begin with. To me it is strictly being allowed because it may help move the economy along. Narrow view, but I do not see justifying this data to be made available at all.