Balancing the benefits of data with the problem of privacy

During a panel discussion at Black Hat MEA 2022, about the governance and security of data around the world, Arwa Alhamad (Head of Cybersecurity at Sanabil Investments) said: 

“It’s a dilemma that there’s no unified definition of privacy globally.” 

And she’s right: the lack of consensus about what privacy really means makes it difficult to balance the benefits of data with effective and appropriate privacy controls. 

For individuals, this means that their personal approach to privacy has to be proactive and dynamic – everyone has to decide what privacy means to them, what they are and are not comfortable sharing, and what security measures they want to implement to protect their own data. 

What is data? 

Fahad Aljutaily (CEO at sirar by stc) said, “the data that we are talking about today is about everything. It is everything and anything. So really that is the definition of data. We’re talking about personal data, about organisations’ data, about government data. And not just that – today even our behaviour is data. It’s so valuable.” 

So in any discussion about data privacy, everyone involved needs to understand the scope of information that’s included within the word ‘data’. 

The latest estimates suggest that about 328.77 million terabytes of data is generated every single day. There has never been more data to protect – and data awareness is key.

According to Fahad Alduraibi (Director of Cybersecurity Center at the Communications, Space, and Technology Commission, Saudi Arabia), while the benefits of data for modern society are immeasurable, it comes with lots of important questions that need to answered at different levels – by individuals, organisations, and governments. 

“Data is awesome,” Alduraibi said, “it’s gold.”

But the questions it brings up include: 

• How much should we collect?
• Are we collecting enough information, or should we collect more?
• When we collect it, how are we using it?
• How long should we keep it for? Do we store the useful information and get rid of the rest – or should we collect years worth of data, and store it just in case there are problems in the future that could be solved quickly if we had that data to hand? 

Different cultures have different perspectives on privacy

Alhamad noted that she’s experienced different perspectives and controls on data in different places. “For the past year I’ve travelled to different countries as part of a program,” she said; “I went to Brazil, to the US, over here [to Saudi Arabia], and every country has a different view of privacy.” 

“Some countries, just to go to a fine-dining restaurant we had to do a fingerprint, they had to take a photo of me, and take a copy of my passport. And for other countries, you do not share your ID with someone else. So what is the definition of privacy? Is it by country, is it by person, and how is this changing?”

Obay Aljerian (Cybersecurity consultant and advisor) echoed this sentiment: 

“I don’t see a single country that has a definite answer, a definition of privacy.” 

So he urged that individuals look at two key factors in their own data privacy: firstly, the personal information that identifies them as a person; the information they want and/or need to protect in order to safeguard their identity and assets. And secondly, their actions and observations – “what we do on a daily basis, and who’s tracking us on our digital journey throughout cyberspace.” 

Different countries have different regulations to govern data sharing, storage, and security – but as individuals, “moving in cyberspace we have to be aware that each piece of information we volunteer online can stay there forever. So we really need to keep awareness at our forefront, helping each other move forward – because whatever data we put out there will always be there, representing us and representing who we might become.” 

The adoption of technology, Aljerian added, is amazing. “But let’s remember that the adoption of technology doesn’t always mean the invasion of privacy.” 

With awareness and care, it is possible to implement processes (including encryption and multi-factor authentication systems) to support your values when it comes to protecting your personal data. 

When it comes to tech, he said, “the positives outweigh the negatives, even with the collection of so much data and how we use that data.”