A CSO's Guide to the World

Is it possible to adhere to local business customs without compromising security? Only if the CSO has a little creativity and a lot of trust.

Of the countries where I've been responsible for security, Japan easily has the most trusting societyâ¬so much so that I simultaneously admire them and fear for their safety. But it wasn't the only country where I had something to learn. Many other cultures, while considerably less trusting than the Japanese, have markedly different views of security than our own.

In China and Singapore, for example, civil liberties are not considered sacrosanct, and law enforcement will not hesitate to arrest and indefinitely imprison, without trial, people who are suspected of being terrorists. In Indonesia, following several high-profile bombings from an al-Qaida-linked group called Jemaah Islamiyah, the security in office buildings has been beefed up to levels far surpassing those of most American and European companies. Guards can carry automatic weapons, and all visitors are searched and must pass through metal detectors. Yes, the guards are very professional and thorough, but the process can be quite disconcerting to a Western visitor. Given the bombing of the Jakarta Marriott hotel in 2003 and the Indonesian government's terrorist warnings this year, though, most visitors fully understand the threat driving the increased security.

While Australia is much less militant, there I found the local police to be much more involved in antiterrorism programs with local building security guards than almost any other country where I've worked. I'm not sure why. Perhaps it is because most of Australia's population is located in six major cities, making coordination easier.

Europe's history raises its own set of issues. Citizens there tend to have much stricter notions of privacy than Americans, probably because Europeans suffered through the abuses of Nazi and Communist regimes and therefore have higher standards for how personal data can be collected and for what purpose. To be sure, most Americans value privacy, but they also view themselves as a nation of business. They are therefore more ready to compromise privacy in the interest of business or security. The recent disagreements between the United States and the European Union over the sharing of airline passenger data is one example illustrating this difference.

Different cultural attitudes, of course, translate into different regulatory environments. In Europe, both information and physical security are very much influenced by a privacy regulation known as the European Data Protection Act (DPA). Most Americans are under the impression that in Europe there is only one DPA, but that's not the entire story. Under European Union laws, the European Commission and European Parliament pass legislation such as the DPA, but it is then up to the member states to enact national legislation that implements, and does not conflict with, the overarching EU legislation. The member states are also tasked with enforcing their own national DPA. As a result, regulations and their enforcement can vary widely.