Archive

Archive for February, 2009

Privacy Execs: Orange Jumpsuits In Your Future? Google’s Privacy Counsel Criminally Charged

February 3rd, 2009 No comments

Handcuffs
I find this case extremely fascinating on many levels.  From eWeek:

According to the International Association of Privacy
Professionals, the charges are thought to be the first criminal
sanction ever pursued against a privacy professional for his company's
actions.

You can see the original story from the International Association of Privacy Professionals (IAPP) here.

The implications of this are quite profound as you can imagine.  CEO's and CFO's can be held accountable for crimes committed under their watch, so it's not too far of a stretch to see how privacy officers like Fleischer will have their feet held to the fire when subject to international law that takes a different perspective on the responsibilities associated with privacy than we might. 

How many indictments have we had in the U.S. for the release of information in corporate breaches?  The U.K.?

I'm not making a judgment call on this particular case because I certainly don't have all of the details, but it sets a very interseting precedent.

Imagine if you were a Chief Privacy Officer or perhaps a Chief Information Officer subject to this sort of scrutiny outside of the due care and stewardship requirements of the job in general.  If something bad happens, generally the worst thing that might occur is you lose your job.

Imagine if you were personally liable for the posting of content from millions of users globally and could be sentenced to share a shower and a cell with an angry Italian man who can't get a decent cappuccino.  I can't imagine what that would be like.

This may be the first time a privacy professional has been charged on behalf of the company he/she is employed by, but I will bet this won't be the last time it happens, either.

Besides the impact this can have on employees of providers of service, Google suggests it calls into focus larger issues of Net Neutrality:

What's more, seeking to hold neutral platforms liable
for content posted on them is a direct attack on a free, open Internet. We
will continue to vigorously defend our employees in this prosecution."


An interesting argument for sure and one I can see being debated vigorously.  It's clear Google operates globally, so they must understand this sort of thing could happen.  What about Facebook (sorry, Chris) or MySpace?  What happens when Amazon is used to host data that is mishandled by someone.  What then?

Imagine what fun it's going to be when we're all cloudified and the mash-up frenzy makes the cross-pollenization of information today look orderly; who's responsible then?

What do you think?  Should privacy officers be liable for events like this?  Should CSO's/CISO's and Compliance Managers be liable when a breach occurs exposing protected information?  Think about that answer very carefully.

/Hoff

*You can find Peter Fleischer's blog here.

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

February 2nd, 2009 No comments

Microphone

Here is some of the recent coverage from the last couple of months on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority.

Press/Technology & Security eZines:

Website/Blog Coverage/Meaningful Links:

I should note that many of my cloud computing writing is being republished over at the SYSCON Cloud Computing Journal with a self-branded mini-site: ChristoferHoff.Sys-Con.com

Podcasts/Webcasts/Video:

I am confirmed to  speak at the following upcoming events:

  • Source Boston  - Boston, MA – March 11-13
  • TechTarget Threat Management Decisions Summit – New York, NY – March 26
  • Americas Growth Capital InfoSec Conference (keynote) – San Francisco, CA, April 20
  • RSA 2009 (multiple sessions) – San Francisco, CA, April 21-24
  • Virtualization Congress – Las Vegas, NV, May 4-7
  • (there are others being sorted at the moment

I should/will be attending the following events:

  • Shmoocon
  • Cloud Computing Expo   

/Hoff