Have we reached peak privacy? How good IAM and privacy can coexist

Why privacy needs to remain at the forefront of identity and access management.

Data privacy has made big headlines in the last 12 months. Wherever we look there is an article about a data breach, a data protection regulation update, or a colleague talking about data privacy. It may have all become too much, and we have to ask ourselves, “Have we reached ‘peak privacy’?”

In the identity space, data privacy was never really a consideration until we entered the realms of the consumer. In enterprise identity and access management (IAM), although we rarely, if ever, mentioned privacy despite the fact we were using employees’ personal data. When the enterprise perimeter earthquake happened, and we moved our IAM services to cover consumers and citizens, data privacy started to enter the industry parlance.

Why it is important to not become jaded about privacy

Data breaches and privacy violations can almost be thought of as a kind of ‘digital trauma’. When I heard about the Collective #1 data breach that exposed 773 million data records, I thought, “Oh no, not again.” I searched HaveIBeenPwned and sure enough, my email address showed I was part of the data breach, but I didn’t feel worried, as I should be, because I have become desensitized.

Desensitization is a common issue among people who experience trauma. For example, teenagers who are subjected to real-life violence become less affected by acts of violence than their counterparts who have not been exposed. If you experience something over and over, you do get used to it happening. That does not, however, mean that it should be tolerated.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!