Privacy in security is a key topic for OpenConsent; we have a deep background in surveillance, privacy and identity standards and innovation.
To this end:
“there is a drum beat around interoperability. Interoperability among global enterprise physical security systems, to this day, is nascent for the physical security functions as well as their support of information technology standards.”
“absolutely necessary that cybersecurity and privacy best practices are put in place from the very beginning of the design stage and through prototype” (Sal D’Agostino @IDmachines)
With posts like “Securing physical security” written by Open Consent co-founder Sal D’Agostino, it should be no surprise that OpenConsent is focused on security in privacy: with the GDPR, surveillance infrastructure needs an update, and handling data breaches is a critical security function for any organisation with data to protect.
Of all the privacy risks an organisation faces today, there are three ways in which a regulatory audit will occur for organisations that don’t deal with special categories of data:
- People will complain to a regulator
- A Data Breach will attract a regulator
- Whistleblowing will out you to a regulator
Tip #1: Be Aware of Your Own Open Public Privacy Profile
Note: In the future, there will be certifications and trust marks that help to automate public privacy for organisations. The European Union is currently building this infrastructure, so until there are standards, or you find technology that enables your organisation to let people control their own data, it’s up to your organisation to be on its best behaviour.
Tip #2: Register with the ICO
Be publicly open and register with an authoritative third party like the UK ICO data controller registry while you can. Not only is it inexpensive, but it provides an independent point of privacy transparency that increases a brand’s trust. The ICO data controller registry gives organisations a means to show off some privacy prowess, and it can be used as part of demonstrating low compliance risk with EU regulations via an independent public privacy profile.
Tip #3: Privacy Response
Respond in the time allotted by UK regulation, regardless of where in the world your organisation resides; if you do, a regulator won’t easily have the opportunity to audit you.
Privacy by default is the promise of Privacy 2.0, which is marked as starting when the privacy laws become enforceable in the EU on May 25th, 2018. It’s also marked as the day digital technology is recognised in terms of the threat it poses to personal security.
On May 25th, public privacy gets an upgrade in the EU, and privacy regulators in the rest of the world are tasked with demonstrating equivalence.
The expected result is societal evolution along the lines of usable digital privacy rights for people.
Stay tuned for announcements of the Privacy & Industry 2.0 activities and events being planned for May 22-23 in London on the Southbank.
Mark Lizar, in an interview with unBoundID, explains the experiences people have with consent:
“If you look at the experience that most people go through, such as entering in passwords or resetting passwords, the uncertainty about where your data is going and how it is being used, it is not a friendly process. People are stuck in a situation where they have to give consent to complete an action online, but there is no transparency. As a result, people feel isolated, forced to lie and agree to terms not read, and are not empowered. Each organization’s policies are a closed, bespoke policy framework, where you are, more often than not, agreeing to consent forever.”
The OpenConsent solution is to let people manage consent independently, enabling consent to be freely given and easily withdrawn. But for consent to be open, companies need to have publicly usable privacy profiles, or people still need to go to each company, one at a time.
This week the Kantara Board of Directors agreed a Memorandum of Understanding with the Open Consent Group to facilitate the engineering and adoption of Consent & Identity Management.
The Consent Receipt Specification being developed in the Kantara Consent & Information Sharing WG has been led by Mark Lizar and is now being edited by David Turner, former Global Director of Standards at Microsoft.
The Consent Receipt work, started in 2014, has become more significant since the new General Data Protection Regulation for the EU was announced in December and published on May 4th of this year. The Consent Receipt is intended to work globally, is based on the ISO 29100 Privacy & Security framework, is very well designed and anticipates this new
This GDPR regulation, which has faced fierce lobbying from the likes of Google, has dramatically improved and strengthened the laws around privacy and especially consent, raising the bar internationally. It not only requires greater transparency over consent, which the receipt provides, but legally mandates the provision of notices for consent, the creation of privacy records for consent, and that consent be as easy to withdraw as it is to give.
All of which can be made possible with the Consent Receipt in a consistent, open and transparent way.
The CISWG aims to ratify the first draft of the Consent Receipt as V1.1, which will take three rounds of public comment: from the WG, from implementors and then from the Kantara Community, before it is voted on to become a Kantara Publication.
We look forward to working with Kantara to achieve this publication in the next year, as the Consent Receipt is the only specification of its type that will work internationally.