Internet Society to Issue Privacy Code of Conduct

Security pros know all too well that following basic privacy guidelines can cut down on human errors that can lead to serious security breaches.

Its easy to be cynical about Data Privacy Day, especially with all the data that companies collect on individuals today. Some have even taken to calling Mondays special day of events
Lack of Privacy Day
.
Fear not. In time for Data Privacy Day, the Internet Society has issued a
nine-point code of conduct
that offers insights into how companies can more effectively manage personal data, including ways to improve how they handle anonymized data and keep consumers better informed on what they actually consented to releasing.
People regard data as a commodity they can exploit, but they have to change to becoming a responsible steward of that data, says Christine Runnegar, senior director of Internet trust for the Internet Society. Companies have to change their mindset, she adds.
They also must be held accountable and stop using the consumers consent to excuse bad practices, she says. For example, very often company websites will post long-winded forms at the bottom of the page written in legalese that people gloss over and accept.
People often dont know what it means or what the risks are, Runnegar says. Businesses have to offer a clearer explanation of what the personal data will be used for and make clear that it is for legitimate and reasonable purposes. They should follow up with written explanations in plain language of what the person actually consented to releasing.
Theres good reason for the concern. TrackOff reports that 75% of the websites people visit collect information about them and, on average, that personal information gets sold for as low as less than three cents. Data brokers have expanded from collecting a persons browser history and email to making inferences about religious affiliations, credit card information, and even health issues.
But with GDPR in effect, the California Consumer Privacy Act coming on line next year, and Brazil and India focusing on privacy, companies and security pros can no longer ignore it and have to find ways to layer in privacy with security.
Take Care of Anonymized Data
The Internet Societys
code of conduct
also makes clear that anonymized data should be treated as if it were personal data. A good example: A travel website may ask for your name, address, age, and frequent travel destinations. In anonymizing the data, the company may strip out the names and run an analysis on the age demographic of people who visit a certain destination. Today, companies often resell this information, but moving forward they need to think twice about doing so because there are ways to trace that data back to specific individuals.
We also want companies to be creative and go above and beyond what the privacy laws require, Runnegar says. A good example would be a secure messaging service that would only use your phone number to set up the account, then delete it after that so it cant be reused.
Jadee Hanson, CISO at Code42, says too many companies dont even know what kind of data they have, and, even if they do, they havent set specific rules on who can use what data and how they will monitor that those rules will be followed.
Once I have established what PII the company has, then I need to use security controls to set privacy settings for the two people who can have access to that data, Hanson explains. Where companies fall down is they dont have any way to validate that the rules are being followed.
Related Content:
Californias New Privacy Law Gives GDPR-Compliant Orgs Little to Fear
7 Privacy Mistakes That Keep Security Pros on Their Toes
Satya Nadella: Privacy Is a Human Right
3 out of 4 Employees Pose a Security Risk

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Internet Society to Issue Privacy Code of Conduct