Paul Wing: Privacy's Northern Light

Paul Wing, former Scotiabank information security leader, says Canada and the United States need revamped privacy policies and practices

That's another principle that must be developed: destruction of credentials. Not only are they collecting information they don't need, but there's also no reason for many places to keep the information they keep.

What are some of the other principles you're advocating?

Choice of risk. Enterprises should give citizens choice of the strength of authentication they use. If I choose a four-digit PIN then that's my risk and my responsibility. If I want, I should be able to demand multifactor authentication. What we're not doing as enterprises consistently is giving consumers the choice of how they want to protect themselves. I don't know, but I suspect, given the money we spend on things like cell phones, that if you said for an extra dollar a week you can have better security through, say, a USB token, most people would say, Sure, that's worth it. I think consumers would pay for the cost of the extra stuff, for two- and three-factor authentication. When I buy a car I can decide the safety features I want. What do I want to pay for a higher crash rating?

Another thing which I now encourage my lecture audiences to do is to tell white lies. For example, I will change my DOB for someone I deem not worthy of that information. I have an algorithm for my "second date of birth." Part of the boomers' and elderly's ethic is we weren't allowed to question authority. So part of what I deal with as a privacy advocate is to tell people it's OK to say, No, you don't need that information, and that it's OK to tell a fib and give a date of birth that's not quite the truth.

That's the second time we've talked about boomers and the elderly. Are there generational forces at play regarding privacy?

My sense here is that people enjoy the convenience of the Internet to do things, including the boomers and elderly, but they're giving up on some things. They're not doing as much online because of security and privacy, but they still dabble in it. Having said that, there will be paradigm shift at some point, because the younger generation doesn't yet understand the privacy argument. I've seen statistics out of the University of Ottawa that a huge percentage of kids admitted to giving away personal information on the Internet. These are kids under 16. And, here's the scariest part: A large percentage admitted to giving away information about their parents.