“Regulatory regimes are proliferating, becoming more complex”: Bonnie Butlin on data protection

Avatar photo

Contributor

Author Bio ▼

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
January 23, 2018

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

IFSEC Global caught up with Bonnie Butlin, who topped the security management category in our Top 50 influencers in security & fire 2017.

The co-founder and executive director of the Security Partners’ Forum (SPF) discussed data protection regimes around the world, the elevation of security and cybersecurity up the global list of priorities, the hurdles facing organisations as the GDPR looms, and the role of automation in data handling.

Butlin, who also co-founded the Canadian Cybersecurity Alliance (CCA), is keynote for a forthcoming event exploring the ramifications for video surveillance operators of the GDPR, which comes into force in May.

Sponsored by Genetec, the event also features a round table discussion about the best policies and best practices when implementing a coordinated and unified security vision within a multi-stakeholder model.

Unfortunately registration has now closed for the event, which takes place Wednesday 31 January at the Royal Air Force Club in London.

IFSEC Global: Hi, Bonnie. To kick off can you give me a brief outline of your role in the industry?

Bonnie Butlin: We’ve been quite active, not just in Canada but internationally, in security fields across many disciplines, including cyber security, over the past six years.

And it’s given us a really interesting view on trends and what’s happening globally in security.

IG: Security in general has risen up the agenda in recent years. And the physical security sector has really started taking notice of cybersecurity in particular in the last year or two. Why do you think that is?

BB: I think it’s a combination of factors.

One I think is 9/11. There were changes post-9/11 in how we viewed security. Different variables and factors changed. And how the public has absorbed the concept of security and how that has changed within society.

“We’re starting to see a divergence in how countries and regions of the world address privacy and this prolific nature of cyber”

Technology, cyber backbones and platforms have entrenched into our lives. How we use those platforms, and their effects on people’s lives, have not always caught up with how prolific they have become and their impact on our lives.

And I think this is part of what’s so interesting behind GDPR, and other legal regimes or attempts to address these changes in a robust way. We’re starting to see a divergence in how countries and regions of the world address privacy and this prolific nature of cyber.

IG: Does that in itself cause a problem where different jurisdictions have different approaches? Because borders between nation states seem redundant in terms of the reach of cybercriminals…

BB: It makes the situation more complex. From the Canadian perspective, a lot of the data goes into the US, which is going in some ways more liberal with the use of data and personal information. Whereas Europe is going in some senses more conservative with the use of data.

The Supreme Court in India delivered a decision recently that identified privacy as a fundamental right. This is a departure from other jurisdictions and regimes around the world.

These differences in jurisdiction are playing a role in how we deal with privacy and operations, as are international trade agreements.

IG: What expertise or insight will you bring to the forthcoming Genetec panel?

BB: I would like to explore the international perspective, but also how privacy is interacting with different aspects of our lives, including the control of our information within commercial spaces.

IG: There have been reports that a significant portion of businesses are woefully unprepared for the GDPR. What are the biggest hurdles that organisations are struggling to surmount?

BB: I think there are a few variables. The number of compliance and regulatory regimes are growing and seem to be becoming more complex and onerous.

Standards are becoming more specific. And there are more standards available now, which makes it hard for organisations and companies to navigate them.

Organisations are often limited in the resources that are available to them. Smaller organisations in particular often don’t have the dedicated personnel or expertise involved to be able to react quickly to these changes in-house.

And it’s not necessarily in their line-of-business expertise. And it’s a big ask for people to bring in expertise quickly in a field that isn’t theirs.

AG: Do you expect the GDPR to have a positive impact?

BB: I find it a positive change in a sense that there is this growing emphasis on how we view data. It’s not just a product or a thing, but it belongs to individuals. And that focus on the people aspect is, I think, new.

It’s challenging because we haven’t as a society, or even globally, thought about data in that way. The technology in one sense got ahead of us.

It’s only now we’re starting to grapple with those after effects or the new reality of it having deep impacts on individuals.

The sheer volume of data now generated surely means only more automation can equip companies to properly analyse, store and secure it adequately…?

BB: That’s a really tricky piece too. Additional automation focuses on processes and tools as being at the centre of the problem and the start point for the solution.

To complement this, more discussion at the strategic levels regarding how we treat people’s data in society – from a people perspective – would support a balanced, more sustainable, and comprehensive approach and way forward.

We’re coming up with solutions and tools and technology, but perhaps there needs to be more discussion about why that needs to be the case. And that brings in other disciplines.

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

IFSECInsiderPodcastLogo

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: