Home Data Security Vendor Relationship Management – Technology and Policy
News
Resources
Webinars
Events

Vendor Relationship Management – Technology and Policy

By in Data Security on Tuesday, 17 March 2015
Share Your Thoughts: Facebooktwitterlinkedin

tosIn the preceding two posts (On Robert Heinlein, Big Data and No Free Lunches and The BYOD Conundrum) on the risks and issues associated with the acceptance of the Terms of Service (ToS) associated with free (and purchased) apps, I pointed out the dangers that can arise by allowing wide-ranging access by app developers to personal and/or corporate data.

These dangers (or risks and issues) are very real, and the solutions available today are neither simple, nor easy to adopt by either individuals or companies. Today, the perceived value associated with collecting and processing vast amounts of data has allowed data collectors to sell databases of “anonymized” personal data.

The only options available to individuals are:

  • Decline the ToS and the capability of the app – this is a simple option, but one with a significant downside, the loss of the capability of the app
  • Conduct extensive research into the app ToS, develop an understanding of the implications of the ToS within the context of the application and the level of risk linked to acceptance of the ToS. This option allows users to understand whether or not the capability of the app is worth the risk, but it is extremely labor intensive and time consuming.  It’s highly unlikely that anyone would implement this option consistently

Companies have similarly limited and unappealing options:

  • Decline to implement BYOD policies and lose the benefits devolving from such a policy
  • Attempt to provide guidance to employees concerning the acceptability of app ToS. This option is no less labor intensive nor time consuming than the similar option for individuals. It is unlikely that a company can develop an effective BYOD policy in this area that does not infringe on individual rights – see National Labor Relations Board guidance on social media policies for an indication of likely NLRB BYOD guidance.

There is, today, a vibrant community of individuals communicating and leveraging their various areas of expertise to develop approaches for creating solutions that reduce or eliminate the risks and issues associated with high-capability apps linking individuals to vendors (via broadly scoped ToS, loyalty programs or other, similar links). These approaches encompass legal, social, economic and technological considerations. These approaches, captured broadly under the term Vendor Relationship vrmManagement (VRM), allow an individual to hold their own data and control it on a vendor-by-vendor basis, sharing only what the individual (data owner) permits to be shared. The people working on these solutions recognize, and are working to address, the critical importance of ease-of-use and multi-entity value exchange (individuals and vendors must both see the value in such a system or it will not be adopted). The solutions will be, broadly, comprised of a personal cloud and sophisticated algorithms that take care of all the privacy, security and definitional problems. The industry protocols that underpin such solutions already exist, and significant progress is being made toward fielding an implemented solution or even multiple, competing (but interoperable) solutions. Such solutions, when adopted by individuals and companies will permit people to address the risks and issues identified in the two preceding posts.

Beyond such solutions for individuals, these can also underpin robust and low-risk BYOD policies for companies. If company employees subscribe to VRM-like applications on their personal devices, they would be inherently protecting themselves and their employers from inadvertent disclosure of personal or company private/proprietary information.

In fact, it is also likely that companies could adopt the same solutions to create a B2B VRM system that would allow companies to improve their supply chain management while protecting company information and improving company efficiency.

The potential exists for a win-win-win improvement in personal and corporate protection of sensitive data – even in the face of data processing advances associated with “Big Data.”

It will remain important for individuals to adopt the VRM approach and for companies to understand their risks, craft policies and plans to eliminate or mitigate that risk and then implement those policies in a way that conforms to the guidance that will certainly be published by various governmental agencies. It comes back to PREDICT.PLAN.PERFORM.®

 

Share Your Thoughts: Facebooktwitterlinkedin
« Back to Blog