New Cisco VP: Privacy Must Not Be Sacrificed By Big Data

Even though technological advancements had made it easier than ever to violate end-user privacy, vendors must continue to protect their customers from unwanted intrusions.

"Privacy engineering is taking a new definition of privacy that does not mean secrecy or shame or hiding away," said Michelle Dennedy, Cisco's new vice president and chief privacy officer (CPO). "It means the authorized processing of personally identifiable information according to fair principles."

Since data is an asset, people should be able to decide on their own what information they wish to share about themselves, and with whom, Dennedy told more than 500 people Thursday at the Business Innovation Factory (BIF) 2015 Summit in Providence, R.I.

[Related: Security Expert: Cybercrime Dangers Multiplying With Rise Of IoT, Automation]

"A person can be distinguished from a pile of metadata," said Dennedy, who started Monday as Cisco's CPO. Before joining Cisco, Dennedy spent almost four years as a vice president and CPO of McAfee/Intel Security, a year as vice president of security and privacy at Oracle, and nearly 10 years as CPO and chief governance officer of Sun Microsystems.

Dennedy said she strongly disagreed with two of her former bosses -- Oracle executive chairman Larry Ellison and Sun Microsystems Co-Founder Scott McNealy -- who considered privacy to be dead in the Internet era.

"I had a CEO [Ellison] who said you have absolutely zero privacy, and topped it off with a hearty, 'Get over it,'" Dennedy said. "I think there is privacy."

Dennedy cast an eye toward history to get a sense of how, if at all, personal data can be used. She cited both the 1960s, when many decisions were made on what fair processing of government information looked like, as well as Hammurabi's Code from ancient Babylon, which stipulates "what's mine is mine and what's yours is yours" as guiding principles.

"Even though the technical capability of violating someone else's privacy is there, the Code picks up where the hardware does not," she said. "We have history to learn from."

Dennedy said she and other privacy engineers are on the forefront of combining privacy and security to innovate and create value.

"I thought everyone talked about metadata models at dinner," Dennedy said. "Turns out they don't."

Privacy issues will become even more paramount as cloud, smart cities and the Internet of Things become ever more pervasive, Dennedy said. As privacy engineer, Dennedy said she is most concerned with the point where big data touches an individual interface, ensuring that the right pieces are shared with the right people.

Privacy engineering needs more creative people, such as storytellers and artists, to help distill the boring 25-page privacy policies of today into something evocative so that end users have their minds in the right place as soon as they open an app, Dennedy said.

Dennedy hopes corporate boards of directors will engage more meaningfully with privacy issues in the coming years, developing a privacy protocol, determining what their data assets are worth, and coming up with a way to measure the effectiveness of their privacy procedures.

"Fifty years from now," Dennedy said, "it will be ludicrous to run any sort of business without a data profitability score."

PUBLISHED SEPT. 21, 2015