A delicate balance
When Security and Privacy Want Opposite Things
Usually, privacy and information security professionals have a shared mission to protect information. But what happens when their approaches and objectives conflict with each other or make it impossible for them to coexist within a specific use case? From the physical world to the technology realm, there has long been give-and-take necessary to find the right balance between privacy and security in protecting and defending. As privacy (or its more appropriate term, data protection) is about respecting the person, and their decisions around data use and depends heavily on security technologies to be effective, the importance of collaborating continues to increase but remains challenging. We will cover the history of these two worlds' relationship across the physical and technical domains. By reviewing cases, including the recent news that Apple will soon check for CSAM data on users' devices, we will discern how to discuss, understand and find the balance between security and privacy for different use cases, risk postures and constituencies.
Moderator:
Janelle Hsia – Principal, Privacy SWAN Consulting
Janelle Hsia is a trusted advisor for strategic and tactical decision-making within organizations of all sizes. She focuses on privacy and security while bringing a diverse background in leadership, business, security, privacy, and technology spanning over 20 years. Her experience integrating privacy with security and technology helps companies operationalize their privacy and security requirements. She creates comprehensive and tailored data governance programs for SMBs with a global presence. Her passion is privacy and data protection training and awareness. This fall, she is teaching a class on Privacy and Technology at the University of Colorado in Boulder. She is an ISSA Privacy SIG Tri-Chair and one of our 2022 Volunteers of the Year. She is a member of the IEEE Digital Privacy Working Group and an IAPP Official Training Partner. She holds the following certifications CIPM, CIPT, CIPP/US/E, CISA, PMP, and GSLC.
Speaker:
Daniel Ayala – Managing Partner, Secratic
Daniel Ayala (@buddhake) is the Managing Partner at Secratic (secratic.com), a strategic information security and privacy consultancy focused on helping companies protect data and information, and be prepared before incidents happen. Throughout his 25 year career, he has led security and privacy organisations in banking and financial services, pharmaceutical, information, higher education, research and library organisations around the world, and both writes and speaks regularly on the topics of security, privacy, data ethics, and compliance. Daniel is also the host of The Great Security Podcast (greatsecuritydebate.net) and the co-founder of Mentorcore (mentorcore.biz)