Tim Buckley Owen More spam, anyone?
Jinfo Blog

18th September 2011

By Tim Buckley Owen

Item

Senior managers tend to be uninformed about the nature of cyber threats to their business and don’t know where to turn for advice, says an influential new report. Its primary concern is with critical national infrastructure but, as other recent developments show, it’s just as much about protecting your customers’ privacy – and your business’s reputation.

Commercial businesses seem particularly disengaged from the issue says the report, Cyber Security and the UK’s Critical National Infrastructure, from the Royal Institute of International Affairs at Chatham House. But government can only provide incentives to encourage a remedy, the report concludes; it can’t mandate it.

Nevertheless, remedies are certainly required, the report makes clear. Vulnerability to fraud and identity theft, the discovery of the Stuxnet virus in 2010 and the activities of organisations such as Wikileaks are all evidence of how much at risk an interconnected information infrastructure can be from “aggressors, criminals and even the merely mischievous”.

Not that businesses lack advice. Much of the United Kingdom Information Commissioner’s new Guide to Privacy and Electronic Communications is concerned with what businesses may and may not do when marketing to customers, but it also covers what they have to do when they think subscribers’ security has been breached – and the requirements are exacting.

Meanwhile the World Wide Web Consortium is starting to address regulators’ concerns on both sides of the Atlantic about technology that intrudes on web users’ behaviour. It’s setting up a Tracking Protection Working Group with the job of delivering, by the middle of next year, a set of standards to allow individuals to say whether or not they want to be tracked online, and to make sure that whatever tracking does go on is transparent.

It’s questionable whether business will give any of this priority without prodding. As the Chatham House report points out, some organisations seem to want to remain detached from the security debate for as long as possible – an approach which it regards as “inadvisable in such a fast-moving environment”.

And Europe, it seems, is taking the lead. In an open letter the Transatlantic Consumer Dialogue (TACD – a coalition of more than 80 consumer organisations in North America and Europe) expresses surprise that the United States Congressional Subcommittee on Commerce, Manufacturing & Trade should regard the European Union Data Directive as a “burden”.

US privacy laws “lag woefully behind current technology and business practices”, the UK-based TACD says. The US also generates more spam and spends more money monitoring its own citizens than any other country in the world, the group claims.

Although the letter doesn’t spell it out, the underlying message seems clear. If businesses don’t tackle these issues urgently, they’ll come back to haunt them.

« Blog