Saturday, August 17, 2013

Privacy 3.0: The Genesis of EarthCom...

Information classification in the private sector is gaining traction again as sensitive national security leaks are published in the popular press. Data breach laws and cyber legislation are a daily discussion on Capitol Hill. CISOs and CSOs, even at the Washington Post, are in "Incident Response Mode" after a successful phishing exploit by the Syrian Electronic Army. These Operational Risk Management (ORM) challenges are on the rise not only because of the amount of information that is exchanged each day in an era of the "Internet of Things"; these risks are now front and center as "Privacy 3.0" evolves in the Cloud.

Andrew Serwin of The Lares Institute puts it all in context:
The question confronting modern-day privacy scholars is this: Can a common law based theory adequately address the shifting societal norms and rapid technological changes of today’s Web 2.0 world where legislatures and government agencies, not courts, are more proactive on privacy protections?
As private sector companies produce the technology solutions to accommodate the exponential expansion of our global ICT ecosystem, we must acknowledge the genesis of its origin: human beings. The products, systems, software and patents are the result of inventions by mankind. Yet there is evidence that the evolution of ICT, whether in hardware, software or the data itself, bears similarity to biological evolution. For decades scientists have studied the similarity of the ecosystems of information to the biology of immune systems. These same smart and bold people have written books, journals and peer-tested papers on the subject of transformational systems thinking. Growth and change in the digital universe follow a biological path found in nature.

The organizational growth cycles are:
  • Forming = entrepreneurship
  • Norming = production
  • Integrating = diversification
This cycle of growth has many labels, yet systems and organizational experts will say that the integrating phase of growth will encounter a bifurcation point, where it is necessary for the system to again innovate and form something new in order to adapt to its new environment. If the system does not break away and create a new forming stage of the growth cycle, it will eventually perish. This is why organizational change experts invented such innovations as the "Skunk Works", and why a private sector company breaks off a business unit and creates a whole new company.

Privacy 3.0 is now four years old. Are we now at the bifurcation stage of the societal information growth cycle, with the speed of business leaving existing government rule of law in the rear-view mirror? In his 2009 paper, Andy Serwin said:
Given the changes in society, as well as the enforcement mechanisms that exist today, particularly given the FTC's new focus on “unfairness,” and the well-recognized need to balance regulation and innovation, a different theoretical construct must be created--one that cannot be based upon precluding information sharing via common law methods. Instead, the overarching principle of privacy of today should not be the right to be let alone, but rather the principle of proportionality. This is Privacy 3.0.
As information flows through the manmade veins of supersonic light or invisible waves of zeros and ones around our planet, we are approaching a "Breakpoint": a place in time where the system will need to bifurcate in order to survive. The system of privacy proportionality in government circles has been four levels of classification:
  • Restricted = For Official Use Only (FOUO)
  • Confidential
  • Secret
  • Top Secret (TS)
In the years ahead, as you hold your IP Phone (iPhone) to update the Twitter, Foursquare, Facebook or WordPress app, you are behaving in the Privacy 3.0 ecosystem. While you are at work in the public or private sector using Google Business Apps in the cloud, your behavior and your words, including personal data such as your semantics or GPS coordinates, are entering one of four levels of sensitivity.

In order to make the leap to our next systemic "Breakpoint", we will need to design proportional privacy into our Operational Risk Framework. Without it, the system will decay and ultimately cease to exist. Is privacy an afterthought in your organization? What information governance education takes place on a continuous basis? How do you monitor and measure? Have you tagged the information into four levels of sensitivity? These are just a few of the questions that the Privacy 3.0 enterprise is encountering, at the genesis of an ICT "EarthCom."