This is the third and probably last one of this consecutive series of posts I’ve dedicated to Personal Privacy.
As I already said in previous posts, these days fortunately I’ve caught in an “work jam” (I’ve said “fortunately” because I leave in a country, Spain, where the current unemployment rate is about 25%, difficult to understand for anyone, but fortunately it seems to be changing). This work-jam is the reason this post has been delayed so far, despite after the meeting I’m going to speak about I felt compelled to write immediately, just after finishing it, but you know, I have to meet other obligations.
The fact is that yesterday I was invited by an excellent professional and business man, Javier Peris (a good friend of mine) to the VII National Congress of IT Government, Auditing and Security and (Congreso Nacional de Auditoría, Seguridad y Gobierno de TI) organized by ISACA at my born town, Valencia (the third biggest city in Spain). In spite of the work-jam I decided to attend because of friendship. The well-structured and interest of the subjects to be covered and the quality of the speakers and other involved professional as well as stakeholders. As in precedent Congresses, this year all of the speakers were great too, and these is the reason my worries during and after the meeting are stronger. (By the way the Congress ends today but I’m not been able to attend; so maybe some of my worries could be solved today).
Going to the subject, one of the most appealing event (in my opinion and in spite of other interesting subjects focused by other speaker as Carmen Serrano, Florencio Cano, Javier Zubieta o Javier Cao) was a round table about “Cyber War”.
During the whole discussion I was amazed to discover no one face up the unfortunate recent facts disclosed by Snoweden. I thought, perhaps, people were afraid the discussion became about political issues instead of the technical aspects and business consequences. ISACA’s Congress (as this blog is) is a technical meeting, but treating that subject is very easy that the discussion evolves toward important political issues related with the subject. Due to I share that fear about the evolution of the discussion I decided to wait (and people who knows me will guess how difficult it was to me) to see when someone would introduce the argument that Europe has been (probably it follows currently) cyber attacked by the United States of America.
Let me say it once again, I’m not going to discuss if we can be allied in the NATO with a country that spies our Europe Prime Ministers as well as our business leader(and take advantage of it, as themselves recognized for the cases of Brazil or Japan espionage), neither I’m going yo discuss if USA behavior is evolving toward a “policy state” and/or Aldous Huxley’s “Big Brother” society, HOWEVER I really wonder (because that was was one of the other subjects treated in the ISACA Congres) if Europe can keep signing the Safe Harbour agreement with US about complying with the EU Directive 95/46/EC on the protection of personal data. I also wonder myself how we can “sell” security prevention, assessment, auditing and consulting tasks about “data privacy” knowing not only hackers but Governmental agencies under NO-Legal-control can break and the latter infringe it with complete impunity.
Recently, in my last post, titled “Personal Data Privacy & Europe’s Cloud Regulation: the privacy approach (Spain and other European countries are the leaders)”,as its title announces I showed how Spain and Other European countries are the in the firsts position of the privacy protection ranking. Here, in Spain, we have the LOPD law that fully agrees and math the EU Directive 95/46/EC on the protection of personal data; besides the Spanish Public Administration must follow the “National Security Layout” (ENS or “Esquema Nacional de Seguridad”) and recently it has been released a law for securing “critical industries”. All of them are good (although many people think they could be better) because of its focus on improve IT security of subjects that “affect” to the citizens (in one way or other).
Consequently, in summary and without going deep in this subject) they are also good for today business in, at least, two ways: citizens will trust in, and also because it fosters business about how to implement the appropriate security measures, to meet the regulation compliances, and to audit all of them (some of the ISACA Congress speakers treated these points). So I wonder myself how no on introduce early the problems of consequences of US behaviour.
Therefore, at the end, I decided to deliver the question to the round table. And the conclusion of the answers, and of the silences, was VERY WORRYING:
And now it’s when I understand better why (although very slowly) the European Commission wants to regulate more strictly about some related subjects, despite that measures (as I stated in the post titled “Personal Data Privacy & Europe’s Cloud Regulation: the dilemma”) may cause a negative impact in both business and innovation.