The Future of Privacy Forum, a Washington think tank, last week announced a new working group dedicated to exploring the overlap between data privacy and cybersecurity.
The Inaugural Advisory Committee of the Privacy and Cybersecurity Expert Group includes experts from Amazon Web Services, T-Mobile, Cloudflare, Gibson Dunn, DLA Piper and Duke University. According to Amie Stepanovich, FPF’s vice president for U.S. policy, the group was formed to advance the notion that there are commonalities between privacy and cybersecurity.
“Often, privacy and cybersecurity are mistaken as separate, and sometimes even competing, motivators,” Stepanovich said in a news release. “However, both cybersecurity and privacy experts deal with large amounts of personal information. Our work to convene the Expert Group, and with the advice of our Inaugural Advisory Committee of innovative thinkers, provides an invaluable opportunity for a wide variety of experts to work together and become powerful allies moving toward the common interest of crafting norms and protections for society at large.”
One of the inaugural group members, Andy Serwin, the U.S. Chair and Global Co-Chair of DLA Piper’s Data Protection, Privacy and Security practice, told StateScoop that while the nascent group has yet to outline specific objectives, one of his is to help privacy and cybersecurity practitioners communicate more effectively.
“One of my goals here is to help create a language that the very disparate stakeholders can actually both understand, because I think a lot of the issues in this space are people talking past each other,” Serwin said. “I don’t think you can solve much until you’re actually communicating with each other.”
Another goal, he said, is to clearly define some of the ethical uses and values of using and protecting sensitive data.
“The challenge to me in this space isn’t that people aren’t trying hard to do the right thing. It’s that the tech moves so fast and it changes so much that regulating it is harder than people think it is,” Serwin said. “And so that’s why you have to have an ethics or value basis for a lot of this because the ethics and values of data shouldn’t change, even if the tech changes.”
Though several states have enacted privacy laws, there’s still no sweeping federal privacy law on the books. Serwin said that while federal regulation would help with standardizing an approach to privacy and cybersecurity, a discussion of ethics will help legislators avoid premature rules and policy overkill. The group held its first meeting last month, but Serwin said members are still hammering out the details on how to engage with legislators and regulatory bodies on their forthcoming recommendations.
And in the age of artificial intelligence and its constantly evolving applications, Serwin said evaluating the ethics of widespread data usage is integral to understanding its risks.
“We’ve gotten to a point where the use of data — and I don’t even just mean private data about people — is so ingrained in our culture and our world to make it function that we just are going to keep having use cases where using a lot of data is inherent in the model,” he said. “Correspondingly, there’s risk to the individual, when their data is used, and how you balance that out is one of the key things we’re trying to figure out.”