Security Summit Examines Privacy


    GRAND RAPIDS — Identity and information theft is in the news again, and it’s a topic that should concern every individual and every business.

    At the same time federal authorities were cracking the largest alleged identity theft case in U.S. history, Deloitte & Touche last week was hosting the 2002 Information Security Summit.

    The same day local business leaders were gathering at the Amway Grand Plaza’s Pantlind Ballroom to discuss information security, authorities announced that three men had been charged with stealing credit information from more than 30,000 people, draining victims’ bank accounts and ruining their credit.

    According to the Associated Press, U.S. Attorney James Comey said the losses were calculated so far at $2.7 million but would balloon to many more millions and affect consumers in every state. He called the case, “every American’s worst financial nightmare multiplied tens of thousands of times.”

    To combat similar problems, Steven Adler, market manager for IBM’s Tivoli Security & Privacy Software, distinguished the difference between privacy and security and offered tools for businesses to use to keep information secure and private.

    “Lately there has been a lack of corporate trust, and that trust has been eroded by companies like Enron, MCI/WorldCom and Tyco,” Adler said. “Before 9-11 we all thought privacy and security were the same; now we know that privacy is a luxury and security is the most important.”

    Gathering information has become a habit and more of a precautionary measure, he noted. But what does one do with all of the collected information? How is it stored so that after gathering it, it can’t leak out?

    Adler said some of those answers are in new software developments.

    “Privacy is fundamentally about consent. Security is a monarchy and privacy is a democracy,” said Adler. “Who do you give the OK to? Who do you allow to analyze and look at your personal and organizational information — and even more important, who can you trust?”

    The question raised goes back to the identity theft issue, where with a few keystrokes, three men essentially picked the pockets of tens of thousands of Americans, took their identities, stole their money and swiped their security.

    And at a time when shredding document after document of personal and financial information is not necessarily going to keep the consumer safe, other precautions are needed in this technology-driven world.

    So who should have been secure?

    Everyone, Adler said.

    Currently, he noted, there are a bunch of rules, regulations and legal verbiage on privacy policies, but no way to easily and fairly implement them.

    With IBM’s Tivoli system, he said access to information is based on purpose. With companies sharing private information every day and the number of confidential transactions performed every hour growing at an unprecedented rate, security and privacy are fast approaching a crucial point.

    Successfully managing the use of the data collected requires that privacy policies are applied and consistently enforced across the entire IT infrastructure, Adler noted.

    Because businesses have typically depended solely on written policies and manual procedures to manage the privacy preferences of customers, employees and business partners, something such as Tivoli has not been introduced until now.

    Adler said that by automating data-handling practices, businesses reduce the risk of inappropriately disclosing personal and confidential information, which is a major inhibitor for e-business initiatives.

    “Tivoli has developed a privacy middleware solution to bind privacy policies to applications and control access to sensitive data according to individual privacy preferences,” said Adler.

    “A privacy policy is a contract between you and your employees. This will provide a business-wide view of all privacy policies enabling companies to create, edit, enforce and centrally manage privacy policies across the entire IT infrastructure.”

    Tivoli will help businesses build privacy policies and practices directly into the e-business application and infrastructure. It can also be used to automate many privacy compliance activities, which simplifies the incorporation, monitoring and enforcement of privacy policy into business processes.

    Adler noted that it could also help improve the overall management of privacy policies and processes by providing an infrastructure to support the consistent enforcement of those policies across the organization.

    Tivoli delivers a business-wide management platform to ensure that sensitive data is being accessed for approved purposes.

    “We have partnered with Deloitte & Touche to offer this service to businesses around the world,” said Adler. “And to see how it can work in each sector of business and each market.”

    For a free Tivoli Privacy Wizard download, visit     

    Facebook Comments