It is well understood that data security must play a role in the protection of privacy. But you simply cannot encrypt your way to ensured personal privacy. With the concept of privacy itself being subject to regional and contextual interpretation – making it incredibly difficult to define – it is often a challenge for the enterprise to enact meaningful IT strategy that protects both corporate data and personal privacy while also driving business value. Identity is emerging as an important third pillar in this strategy by providing a concrete link back to physical reality and risk of real-world harm to individuals. If balanced correctly, addressing security, privacy, and identity in unison should lead to ideal outcomes for both individuals and the enterprise.
Three strategic pillars: security, privacy, identity
Privacy is a necessary influencer of security practices because it reflects the human needs of both employees and consumers. After all, technology should ultimately benefit human existence and human productivity rather than burdening them. However, from a business perspective, privacy issues are often difficult to address because they are both very difficult to define and very difficult to monitor. Even when privacy and security are addressed in conjunction, the business is left with a seeming lack of actionable items.
Identity may be the missing link. To see this connection, one has to look past the nebulous definition of privacy and seek its greater function. Privacy acts both as a protection of the self from harm and as a protection of corporate assets from harm by employees, whether that harm be physical, emotional, intellectual, reputational, or otherwise. So to make an effort to protect privacy, there has to be an awareness of the individuals who are directly subject to the harm that comes from violation of that privacy. This is where “identity” provides a key link to reality and the other pillars. The definition of identity is concrete: practically all actions can ultimately be attributed to individuals or things. This means that for security to be actionable with regard to privacy, identity has to be attributed and consequently managed. Therefore, identity management must be increasingly embedded within all IT assets and information management practices.
In doing so, the enterprise bears great responsibility for ensuring that identity information is not compromised, either externally or within the organization – this is where security comes in. However, the incentives of the individual and the enterprise are strongly aligned in this regard. For the individual, voluntarily providing accurate identity data means receiving the best possible services, products, or experiences from the organization. For the enterprise, having a 360-degree view of customer or employee identity means maximizing the value of each long-term interaction and engagement. But for both, ensuring the sanctity of this identity data is key for privacy, trust, and the preservation of a mutually beneficial relationship.
Paige Bartley, Senior Analyst, Information Management