According to the Tinterwebs, to ‘recommend’ means to; put forward (someone or something) with approval as being suitable for a particular purpose or role.
So you might argue that this is exactly why you hire a consultant in the first place. In some professions I would absolutely agree. A doctor [for example] would not just recommend that you quit smoking, they would – and should – bloody-well insist. However, everyone on the planet already knows that smoking is stupid, so they are doing so with full knowledge of the possible consequences.
In 2016 I predicted that:
- Identity Management will begin to replace single-factor authentication;
- Identity Management will be decentralised onto consumer mobile devices;
- HOW you pay will become increasingly irrelevant;
- Value-Add Services and Customer Service will be the only differentiator;
- Loyalty Programs will begin to centralis;
Even 3 years later only 1 of these things is becoming [slightly] true (#1).
In 2017 I predicted that:
In late 2020, the PCI DSS v4.0 will be released. And in what promises to be an even more significant change than that from 2.0 to 3.0 (released in Nov. ’13), there is, rather unsurprisingly, a great deal of interest in its contents.
So what’s in it?
I’ll be honest, I can’t tell you, or more to the point, I’m not ALLOWED to tell you as the draft version is currently in ‘Request for Comment’ (RFC) status. Yes I have read it, not only that, I have mapped it line-by-line to v3.2.1 and analysed the differences in detail. I have even written a brief on what I consider the impact of those changes will be, but it will have to remain unread until the moratorium is lifted.
In Part 1 of this two-part blog ‘series’, I played the part of a security expert (which I do most days), and examined how privacy is changing the face of the security industry.
In Part 2, I have enlisted the help of a lawyer, data protection and contracts expert, who is basically to blame for me getting into this ‘privacy stuff’ in the first place. She also happens to be my sister; Angela Boswell.
In her learned (and earned!) opinion……………………
If you’re fairly new to this ‘privacy stuff’, you might be wondering why I used the phrase ‘data privacy’, not ‘data protection’. Well, unlike the security industry where we can’t even agree on when to use ‘cybersecurity’, ‘data security’, or ‘information security’, the privacy world has its act together. Hell, security folk can’t even agree on the spelling OF cybersecurity/cyber security!
But for the purposes of this blog, and the Part 2 guest blog to follow, it’s important that you accept my definitions at least, whether you agree with the names or not. It’s the points I’m trying to make that matter, not the nomenclature.