Friday, 5 August 2016

Privacy Engineering Procedures and Ebola

A seemingly unlikely combination: privacy engineering and Ebola, though I guess there are similarities between how viruses spread and how personal data spreads around a company - another time and another study I think.

OK, so what the zark do these things have in common - the answer is via a convoluted path and actually is more related to how we react to an incident: privacy or medical (and we're back to safety-critical systems again).

Bit of background first: I've been reading about Marburg and Ebola recently - both are fascinating (and frightening) themselves, but what is more interesting from a procedural point of view is how they were discovered, researched and ultimately how we as a species react to them.

Ebola (via Wikipedia and CDC)
Now the procedural stuff: the CDC have a response plan for Ebola entitled "Identify, Isolate and Inform: Emergency Department Evaluation and Management for Patients Under Investigation for Ebola Virus Disease".

Worth reading just to understand how the CDC explain how to plan your due diligence - something we're exceptionally bad at in privacy ... we just scream PIA and COMPLIANCE!

The point here is that if privacy engineering is to emerge as a discipline, we need to address our culture in how we react to incidents, and even how we react in general. Learning from a discipline that already has to face critical incidents is a good start.
