Thursday, November 15, 2007

IGF 2007: Consumer Protection and Data Breach Notification

I was a Panellist for this session on Day 3. When I was first approached to be on this panel, I had some idea of the background surrounding the issue, but only when I read through some of the literature provided by the organisers did I get a real appreciation of how grave the issue is, indeed it is potentially a disaster waiting to happen. When we add the attempts to get the next 1 billion online to the mix, the ramifications are potentially even worse. As Hank Judy pointed out, there is a lot of software out there which is pirated and therefore unlikely to get security updates and these machines are highly susceptible to nasty use and abuse.

This week the EU announced a new proposal for data breach notification, which applies to systems connected to publicly available networks. It goes without saying that the next billion coming online, a majority of which are from the developing world, will face substantial data breach issues as they embrace e-commerce and the use of online technology to effect financial and other transactions. It is possible that in the rush to embrace technology, and in the absence of appropriate legislation, some security measures may be overlooked, paving the way for massive data breaches and possible theft of financial and other information. This adds to my earlier stated security concerns with the next billion coming online. Its not only the next billion online, but also a new billion vulnerable online.

I hope that the IGF pays attention to these wider issues related to Internet development, and more attention is paid to such “under the radar” issues. Kudos to David Satola and Henry (Hank) Judy for organising the session, and its a pity the IGF Secretariat allocated what was a lousy time slot (in the face of numerous open slots published in the agenda). I hope David and Hank continue to work on this for the IGF and further work is done at IGF Delhi and beyond. I also hope that consumer protection issues (related to electronic transactions, storage, etc. in particular) become an important part of national policy formulation in developing and emerging countries. This was also evident by comments from the audience.

No comments: