Slashdot Mirror


RSA: Learn About the International Association of Privacy Professionals (Video)

Today's video is an interview with the Corporate Alliance Director and the Chief Technology Officer of the International Association of Privacy Professionals (IAPP), a non-profit organization that claims it is "...the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data." In other words, it's not the same as the much-beloved Electronic Privacy Information Center (EPIC), but is -- as its name implies -- a group of people engaged in privacy protection as part of their work or whose work is about privacy full-time, which seems to be the case for more and more IT and Web people lately, what with HIPAA and other privacy-oriented regulations. This is a growing field, well worth learning more about.


  1. There's privacy? by simplypeachy · · Score: 4, Informative

    A visit to their homepage helpfully tells Comodo, Twitter, UserTrust and Google about your visit and drops several cookies, some lasting one or two years. But it's OK - it all goes via SSL so it must be good for privacy.

    1. Re:There's privacy? by Dins · · Score: 2

      The "Platinum Members" listed at the bottom of their site include: Accenture, AstraZeneca, Capital One, Deloitte, Ernst & Young, Edelman, HP, Intel, KPMG, LexisNexis, Microsoft, Ponemon, Promontory, and PWC.

      Now in the great /. tradition, I did not read TFA nor watch TFV, but I doubt the listed companies truly have our privacy best interests at heart.

    2. Re:There's privacy? by fuzzyfuzzyfungus · · Score: 1

      "A visit to their homepage helpfully tells Comodo, Twitter, UserTrust and Google about your visit and drops several cookies, some lasting one or two years. But it's OK - it all goes via SSL so it must be good for privacy."

      The very existence of 'privacy professionals' as a thing is largely predicated on a rather...tense...view of privacy: specifically, that we will generate and store a fuckton of data about you; but then we'll hire a guy to make sure that the data are only accessed in compliance with HIPAA and/or after the payment has cleared...

      They are really more 'transparency compartmentalization' than 'privacy'.

    3. Re:There's privacy? by fuzzyfuzzyfungus · · Score: 1

      They are essentially pimps with respect to privacy: It's not that they have your good at heart; but they have a very strong interest in making sure that only paying customers get access.

    4. Re:There's privacy? by Synerg1y · · Score: 1

      I'm a bit jealous, these people were able to spin a brand new role out of virtually nothing, but there's a giant elephant in the room here, what happens when the privacy professional gets breached? I doubt they're anything special, or have a crystal ball for predicting zero days, so say they get breached, your data is compromised... you're getting sued by your customers... you go to sue the privacy firm, who closes doors and goes chapter 7. I would rather throw my data in the cloud lol. At least you can then sue Amazon or something.

  2. Days of privacy are over with technology... by blahplusplus · · Score: 1

    ... and the likes of stupid tech illiterate people. Look at how willingly people put their public data online on facebook and linkedin, etc. The whole idea of privacy is something that can't be put back in the box. It only takes one stupid person who doesn't understand technology to post a pic or say something on facebook to reveal something about you directly or indirectly.

    Now especially with the likes of Google and others having developed techniques to identify people from non-anonymous and pseudonymous data. Google's whole business revolves around identifying you and things about you to advertise to you. Hell even your IP address + a few tweaks is enough to identify and/or narrow down who you are massively for most users.

    1. Re:Days of privacy are over with technology... by Dishwasha · · Score: 1

      Reminds me of the few times that I've read of somebody "anonymously" posting a picture about a crime they committed online, but they failed to realize that the picture had embedded date/time and GPS coordinates which the police used to very easily isolate and track them down.

    2. Re:Days of privacy are over with technology... by TaoPhoenix · · Score: 1

      Right, I don't even know who to reply to, all the early comments are hitting useful markers in the discussion, and it's a big complicated mess. It's full of "chief compliance officers", supposedly people whose jobs do "sorta" depend on not blundering too badly.

      But then other people are remarking on the de-anon of data, "Platinum Members", cookies and web beacons "that provide functionality", a shameless admission of Google Analytics (really?! they couldn't grow their own?!) and more.

      This story and this entire group feels ripe for Flamebaiting. And maybe (gasp do I dare say it?) Anonymous.

      "Privacy organization got hacked and their entire database of members is in the wild". Oops.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine

    3. Re:Days of privacy are over with technology... by Jane+Q.+Public · · Score: 1

      "Days of privacy are over with technology..."

      I think I have to call BS here. Our privacy issues are far more due to our shitty laws than they are due to technology. It would be trivial to outlaw tracking, pixel bugs, etc. if only the American people had the will to do it. Technology, per se, is not the villain here. Congress is.

    4. Re:Days of privacy are over with technology... by blahplusplus · · Score: 1

      The problem isn't with the laws, even if you fixed the laws there's no way it's enforceable. If you're not on facebook but your sister is and your sister inputs data that links back to you. It's trivial to gather more when others indirectly leave breadcrumbs. When people publicly expose themselves on the net they don't fully grasp what that means technologically. So although YOU might be careful with your data other people can expose you indirectly so it becomes unenforceable very quickly.

    5. Re:Days of privacy are over with technology... by Jane+Q.+Public · · Score: 1

      "If you're not on facebook but your sister is and your sister inputs data that links back to you. It's trivial to gather more when others indirectly leave breadcrumbs."

      The example you give is such a tiny fraction of the big issue that it can safely be ignored. If you don't like it, just don't use Facebook. End of problem.

      The big privacy invader that is done often without people knowing is tracking.

      And an anti-tracking law would be very easy to enforce. Tracking is ridiculously easy to detect. If there were an anti-tracking law, then people would know and trackers would get caught.

      Besides... it is currently against the law in the U.S. to track anybody under the age of 13. But nobody has been checking ages, and nobody is enforcing it. This should be troubling to everyone.

      If it is illegal to track anyone 12 or younger, and there is no way for trackers to determine age, then they ARE breaking the law, right and left, and must be stopped. It is far past time people stood up and did something about it.

  3. Privacy fail by Dishwasha · · Score: 1

    If you've heard about them, then they aren't any good at what they do.

  4. "Learn about the IAPP" by sideslash · · Score: 1

    I don't just want to learn about them. I want to know their names, where they work, where they live, the stuff they buy at the grocery store. Everything.

  5. Re:Dice? by TaoPhoenix · · Score: 1

    It might be. After all, they managed this lack of proof-reading:

    " The IAPP is always looking for dynamic, self-motivated individuals to join our team. ... There are no positions available at this time. Please check back soon."

    So, "always" looking for ... creative values of "always".

  6. Re: a rather...tense...view of privacy by TaoPhoenix · · Score: 1

    ... And once you go down THAT path then it becomes a Zork maze of twisty passages and onion layers that would *make you legally insane* *during* your trial for something. "So, you belonged to the association of privacy professionals, and then you sold some of your data for cash to marketers, and then after that your database got hacked... remind the court exactly what you used to do again for a living?"

    (And since that group is full of general counsels, this is commentary, opinion, and cast in a hypothetical future tense, etc etc.)

  7. Re:Dice? by admdrew · · Score: 1

    Yeah, I avoid pretty much all of Roblimo's posts. Even if they're not Dice-specific, they're all slashvertisements that are rarely interesting.

  8. {metric fucktons} or {imperial fucktons} of data? by girlinatrainingbra · · Score: 1

    a question about units... is that a "metric fuckton" or an "imperial fuckton" of data to which you are referring?
    ;>)
    Of course, along with having HIPAA compliance goes two types of caveats: you can accidentally and unmeaningly waive your right to privacy by signing up with a non-covered entity such as Google health, (that link is to the privacy concerns portion). Even though Google health is kaput, others are following in the wake of privacy obliteration. The other caveat is the sharing of data with "partners", who are loosely defined.

  9. Re:{metric fucktons} or {imperial fucktons} of dat by t4ng* · · Score: 1

    Add to that, that many people mistakenly think that the 'P' in 'HIPAA' stands for Privacy. It does not. It stands for Portability. There are only vague references to data privacy and security in HIPAA. It is mostly about making data portable between organizations to make it easier for insurance companies, hospitals, doctors, lawyers, etc. to share your medical and financial information. Your local clinic could still be using unencrypted wifi. They could have a server in their closet that gets stolen and as long as it did not have more than 500 patients worth of data on it, they don't even have to report it!

    Do yourselves a favor, always use a fake SSI number with doctors. Don't argue with them that you don't want to give your SSI to them. Just give them a fake one. They have no legitimate use for it, and all doctors' offices I've seen are very lax with security, so you could just be saving yourself from identity theft. But forget about having any chance against the lawyers if an insurance company decides they don't want to pay for your treatment. They have access to your entire lifetime of medical and financial information to trump up some sort of excuse not to pay.