Information classification in the private sector is gaining traction again as the nature of sensitive national security leaks are published in the popular press. Data breach laws and cyber legislation is a daily discussion on Capitol Hill. CISOs and CSOs even at the Washington Post are in "Incident Response Mode" after a successful phishing exploit by the Syrian Electronic Army. These Operational Risk Management (ORM) challenges are not only on the rise because of the amount of information that is exchanged each day in an era of the "Internet of Things"; these risks are now front and center as "Privacy 3.0" evolves in the Cloud.
Andrew Serwin of The Lares Institute puts it all in context:
The organizational growth cycles are:
Privacy 3.0 is now four years old. Are we now at the bifurcation stage of the societal information growth cycle and the speed of business is leaving existing government rule of law in the rear view mirror? Andy Serwin from his 2009 paper said:
In order to make the leap to our next systemic "Breakpoint", we will need to design in proportional privacy to our Operational Risk Framework. Without it, the system will decay and ultimately cease to exist. Is privacy an after thought in your organization? What information governance education takes place on a continuous basis? How do you monitor and measure? Have you tagged the information into four levels of sensitivity? These are just a few of the questions that the Privacy 3.0 enterprise is encountering, at the genesis of an ICT "EarthCom."
Andrew Serwin of The Lares Institute puts it all in context:
The question confronting modern-day privacy scholars is this: Can a common law based theory adequately address the shifting societal norms and rapid technological changes of today’s Web 2.0 world where legislatures and government agencies, not courts, are more proactive on privacy protections?As private sector companies produce the technology solutions to accomodate the exponential expansion of our global ICT ecosystem, we must acknowledge the genesis of it's origin. Human beings. The products, systems, software and patents are the result of inventions by mankind. Yet there is evidence that the evolution of ICT, whether it be in hardware, software or the data itself has similarity to biological evolution. For decades scientists have studied the similarity of the ecosystems of information to the biology of immune systems. These same smart and bold people have written books, journals and peer tested papers on the subject of transformational systems thinking. Growth and change in the digital universe follows a biological path found in nature.
The organizational growth cycles are:
- Forming = entrepreneurship
- Norming = production
- Integrating = diversification
Privacy 3.0 is now four years old. Are we now at the bifurcation stage of the societal information growth cycle and the speed of business is leaving existing government rule of law in the rear view mirror? Andy Serwin from his 2009 paper said:
Given the changes in society, as well as the enforcement mechanisms that exist today, particularly given the FTC's new focus on “unfairness,” and the well-recognized need to balance regulation and innovation, a different theoretical construct must be created--one that cannot be based upon precluding information sharing via common law methods. Instead, the overarching principle of privacy of today should not be the right to be let alone, but rather the principle of proportionality. This is Privacy 3.0.As information flows through the manmade veins of supersonic light or invisible waves of zeros and ones around our planet, we are approaching a "Breakpoint." A place in time, where the system will need to bifurcate in order to survive. The system of privacy proportionality in government circles has been four levels of classification:
- Restricted = For Official Use Only (FOUO)
- Confidential
- Secret
- Top Secret (TS)
In order to make the leap to our next systemic "Breakpoint", we will need to design in proportional privacy to our Operational Risk Framework. Without it, the system will decay and ultimately cease to exist. Is privacy an after thought in your organization? What information governance education takes place on a continuous basis? How do you monitor and measure? Have you tagged the information into four levels of sensitivity? These are just a few of the questions that the Privacy 3.0 enterprise is encountering, at the genesis of an ICT "EarthCom."