Author: Stéphane Nappo, Global CISO Société Générale International Retail Banking & Board Advisor
Nowadays, data privacy mainly depends on security precautions taken unilaterally by corporations, governments, and other key players in society. Despite all technological evolution, respect for privacy remains directly connected to democratic values, individual trust, and human rights.
Some professionals tend to argue that we should weigh the value we gain from advanced technology against the privacy we should lose. “If the product is free, you’re the product!” What a paradoxical slogan… Giving away our privacy in exchange for free services is almost as if we had to donate blood and DNA just to play a video game. This makes no sense, especially when we consider that personal data is the new oil and generates huge profits.
The right to keep one's personal life or personal information secret, or known only to a small group of people, is fundamental and priceless. Thus, protection of private information and personal data is crucial.
While some sectors such as the banking and insurance industries have demonstrated that technology development is not incompatible with data privacy, it must be recognized that protecting massive flows of dematerialized, replicated and very fast circulating information is not so simple, particularly when relying on open and shared systems.
In this context, an exclusively technological approach is inadequate. Each technology brings benefits and vulnerabilities that appear more or less quickly, but surely. Along with GDPR, a strong legal framework to protect privacy rights is a key enabler of individual confidence and a pillar of sustainable digital business development.
Beyond respect for personal rights, data privacy is also a matter of IT security, processes, and business ambition.
An analogy with road safety can help to quickly understand the way forward and the scope of work. Driving a car can be highly risky, and the related risks are not mitigated by actions limited to car technology. From a holistic point of view, road safety management results from an “ecosystem” that mainly includes the car, the road network, the law, road signs, driver education, and the control of bad behaviors.
This illustrates why we can’t solve a high-tech concern only with more high-tech. A systemic approach to the whole privacy ecosystem is necessary: this approach should encompass technology, exchange networks, regulation, prudential communication, user culture and sanctions for unacceptable behavior.
The freedom of digital services stops where that of users begins. Governments, companies, and people must reverse the dangerous current trend of unmanaged privacy. Beyond the global societal topic, I deeply believe this is a real win-win interest, both for the digital provider and the service consumer.
To maintain customer trust and profits, providers, helped by regulation (GDPR…), will have to ensure a holistic digital trust: the “Smart-Privacy”.
Stéphane Nappo has been Global Head Information Security for Société Générale International Banking since 2011. Present in 67 countries, this division employs over 71,000 people and has 30 million clients distributed within 40 autonomous banks and 90 entities, all delivering financial services.
He was a senior consultant specializing in IT security as of 1995. His extensive training in telecom, business administration, and law allows him to have a unique approach towards solving technological and business-related issues. He has worked for over 80 organizations in numerous sectors.
He implements conventional risk management methods with a systemic and pragmatic approach to complex problems. Based in Paris, he operates regularly in Russia, Central Europe, and Africa. His current mission targets digital services security, anti-fraud prevention, incident response and the digital transformation of information security.