In Part 1 of this two-part blog ‘series’, I played the part of a security expert (which I do most days), and examined how privacy is changing the face of the security industry.
In Part 2, I have enlisted the help of a lawyer, data protection and contracts expert, who is basically to blame for me getting into this ‘privacy stuff’ in the first place. She also happens to be my sister; Angela Boswell.
In her learned (and earned!) opinion……………………
I’ve heard that the best writers draw inspiration from the people around them. Clearly this works for crap writers too, because I totally stole the phrase ‘distracting innovation’ from a friend of mine. So thank you for that Gareth.
I have dedicated the last half of my career to providing my clients the only thing that makes sense to me; an appropriate security program that supports and enables the needs of the business. I have also chosen to predicate the implementation of that program on the following well established cornerstones. In order of importance:
I have long maintained that fines under GDPR are the last resort, and that the ICO do NOT want to use Article 83 of the GDPR as a stick to scare organisations into compliance.
The ICO commissioner, Elizabeth Denham has even said as much herself, using the word “nonsense” when it was suggested that large fines would become the norm, that “Issuing fines has always been, and will continue to be, a last resort[…]“, and “While fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well suited to the task at hand and just as effective […]“.
I have made no secret of my distain for the ‘GDPR Practitioner Certification‘ badge, and I still have no time for it, or its recipients who pass it off as real-world experience. But what alternatives are there if you want to obtain some form of data protection certification / privacy education?
The de facto standard, and really the only player in town, is the International Association of Privacy Professionals (IAPP), and their flagship badge, the Certified Information Privacy Professional (CIPP), is the most widely recognised and respected acronym you can add to your CV/resume. It’s the equivalent of the CISSP for those of us in the cybersecurity industry.
I am absolutely sick to death of security vendors using the buzz-phrase Artificial Intelligence (AI) as a descriptor for their product or service.
- AI does not even exist yet, the most you can say is that it’s very clever programming;
- Not everyone is a fan of AI.
So, by trying to claim your product uses AI, you have now alienated 2 types of people; 1) those who hate bullsh*t artists, and 2) the paranoid.
In cybersecurity, there are a lot of both.