Encryption. Cybersecurity. Privacy. Password protection. Those are just a few keywords from the headlines of one recent report of a leading US newspaper this year debating security and privacy in our modern world. The topic is everywhere in the news, of course. Data breaches of major impact have become routine occurrences: Target in 2013, Sony in 2014, Equifax, Uber, and Yahoo in 2017, and who can forget Facebook in 2018? But, how much do you really know about cybersecurity? And, perhaps more importantly, how much do you know about who has access to your personal information and for what purpose are they using it? Should the data-collection genie be put back in the bottle? Is it even possible?

While the issues raised above have personal resonance, they are also ones that companies are wrestling with. At Cantina, we’ve launched a “Data Privacy and Security” working group ¹ in order to consolidate Cantina’s efforts in these areas and provide guidance when it comes to current security-related trends in tech. We’re also contemplating the ethical implications that go along with the work we do in innovation, digital strategy, and design, and how best to share our work through education and outreach.

Part of the reason that private companies find themselves in the business of crafting their own path forward in this arena is a lack of government policy and oversight of these issues in the States. Though Senator Ron Wyden is at the fore in trying to create a national-level oversight framework, the fact is that most Americans aren’t tuned in to the need for one, because:

• they don’t know what data is being collected from them, or how;
• they know data is being collected, but don’t understand why they should care;
• they know that their data is being collected and don’t like it, but don’t know what to do about it.

This scenario is a perfect storm for undercutting the process to evoke legislative or economic pressure to rein in invasive, data-grabbing corporations. It hampers any meaningful momentum to create something on this side of the Atlantic similar to GDPR.

At Cantina, we have a general concern about privacy and security in the tech sector–thinking in terms of individual employees, our company, and clients–and how we’re using this opportunity to crystallize our thoughts and actions. Our members have already made contributions to the company blog on the topics of Zoom and Apple, and we are intent on using insights from ongoing internal interviews we’re holding as fodder for future installments.

Here are some of those interview insights from our leadership team:

George White, CIO

“We should all develop a healthy paranoia about security and privacy. Privacy does not just 'exist', and the idea there's some natural state of privacy is an illusion. Intentional privacy in tech needs to be fought for.”

Adam Stachelek, COO

“For a great many online resources, the exchange in value is not always clear to users, in that they don’t really know what they’re giving up to get the value of that service. This is not new, but the conventional wisdom is: if you don’t pay for the product, you are the product, or rather, your personal data and online habits are. Given that users are typically not well-informed about these issues and often are not well-equipped to understand what they’re giving up, I think we have a great opportunity to think holistically about the user’s experience and needs during concept, design, and implementation to help them make better-informed decisions.”

Shaun Gummere, SVP, Experience Strategy & Service Design

“We need privacy to have democracy. It’s a question of honesty, accountability, and responsibility. The ground under these issues keeps shifting because there isn’t agreement on the role and value of privacy to society. Constant surveillance and manipulation destroys the conditions for a functioning civic life.”

Matt Chisholm, CEO

“The biggest ‘nasty’ surprise in security relates to the desire for technology in our daily lives, the value we gain with its use, and the unknown risks we are taking. When it comes to cybersecurity, it’s time for companies and customers alike to become educated because data privacy and security are about risk management. There are tradeoffs between rights, responsibilities, value, access, and the risks incurred. The current pace of technological change makes it impossible to defend against all of the risks at stake as many may be unknown. Creating safer cyberspaces requires better knowledge and awareness for both users and the companies that take responsibility for their data. Cantina endeavors to help educate our clients in these areas and help them build the trust they share with their customers.”

Our Data Privacy and Security Working Group has already begun to form a general action plan and a set of guiding principles arising from the broad consensus among our leadership, to provide continuous exploration, content creation, and internal education within the security space. Privacy and security are important aspects of the work Cantina does and the services we provide. The working group will help inform the company’s evolving perspective on associated relevant topics.

Our working group would love to hear your thoughts and challenges around data privacy and security. Please reach out and keep the conversation going.