Addressing Privacy: There Will Never Be a Technology-Only Solution Because of the Human Factors Involved

Last week I had the pleasure of being interviewed by Jay Cline for a Computerworld article he was doing about small companies, such as mine, that provide privacy services to organizations.


The article, “Eight Privacy Firms to Watch” has now been published.
It provides a good look into some of the issues small firms such as mine address, what services we offer, along with demonstrating the diversity of privacy issues that organizations must address.
Due to space limitations all the information we discussed during our email interview could not be included. Here is one of the questions that there was not room to address within the article, but it is something that is very important for organizations to keep in mind when they are developing their privacy programs. In response to the question, “Where do you think the market is going in the next 2 years?” I responded:

“Right now it worries me that so many organizations are purchasing software to put them into, what they believe based upon the vendors’ claims, 100% compliance with data protection laws and contractual requirements. Organizations need to understand that much of information security and privacy work that needs to be done is people-based; policies, procedures, training, awareness, response activities, and so on.
Yes, many activities *CAN* and should be automated, such as logging access to files with personally identifiable information (PII), intrusion detection, and so on. But there will always be a significant human factor required to achieving effective information security and privacy throughout the enterprise.
Information security and privacy must be incorporated throughout the entire fabric of the enterprise and into the entire SDLC to be effective. I believe there will be more realization over the next two years that information security and privacy cannot be a band-aid add-on after a product or system has been launched; it must be incorporated into the mindset of all personnel.
I believe over the next two years there will be more activity in the market within awareness and training activities and materials, but I also think there will continue to be more vendor software solutions being created and launched claiming to be the ultimate technology solutions for all organizational information protection needs. I hope that organizations will realize that there is no one silver-bullet information security and privacy compliance technology product in existence that can do all their work for them, and there never will be. There will always be the human factor that must be addressed, and technology alone will not meet the human factor requirements and components.”

I’ve written about many times, but it is worth repeating many times more; technology alone will not solve a company’s information security, privacy or compliance challenges and requirements. The human factor is significant and must be addressed.

Tags: , , , , ,

Leave a Reply