Speaking at the DigiCert Security Summit in San Diego, DigiCert senior director of business development, Dean Coclin, said that “identity data is created on us all of the time,” but asked how protected it is.
He said that as we browse we create more and more data every day, and this data is about us and we should be sure it is “kept secure and in the right format.” Now with more devices available, cloud computing and IoT, we have ended up with the situation where we have big data, but not the “big data biology” on how it should be managed.
He said: “It is my data, not your data, and what is generated should be known by me and not some other company.” Citing the introduction of the GDPR in Europe in 2018 and the California Consumer Privacy Act (CCPA) this month in the USA, Coclin also referred to other legislations that had not passed, including the New York Privacy Act, which he said was “stronger than CCPA and gave private right of action.” However, he added that this failed in a legislative session, and he suspected that other proposed privacy laws would not pass in the current political climate.
Focusing on anonymity on the web, he said that there is a push to be more anonymous on the web, and particularly in the case of electronic voting “as you don’t want people to know who you voted for.”
Elsewhere, he said it was the same with email and IoT, that with the former you want to know that who has emailed you is actually that person, and with IoT, you want to know which devices are trusted and authorized to join your network.
On the other side, there are those “who do not want to be identified and cases where identity is important” and that is where Tor is important.
“Ideally for consumers, a strong privacy law is something that they need,” he argued. “For companies trying to comply, an over-arching privacy law, whether at state, federal or country level or global level would be even better, would be fantastic.”