For many years, data security & privacy had come under the umbrella of information systems security. This time is over, due to the increasing decorrelation between container (application or physical structures) and content induced by emerging virtualization technologies, cloud computing and new economic models. Data has become an “object” per se and is now to be treated independently from its container.
Several working axes have been identified and will be reviewed by the Scientific Committee before the call for contributions, which will be launched at the end of April:
Axis #1: Data as a fuel for digital transformation
Data are omnipresent and come in many forms and shapes. Examples range from personal, social, medical and bank data to passenger name records (PNRs) and corporate, geolocation and safety data. But is this segmentation by usage or field of activity still meaningful? How can we manage data regardless of the devices used? Beyond the metaphor, are data truly a “new black gold”?
Axis #2: Data control as a sovereignty issue
A powerful “data industry” is a key asset in today’s global competition and a major component of any strategy of power. In this respect, Europe seems to be lagging way behind the United States. Its intensive data usage, combined with the weakness of its local offer, obliges it to massively export the data it produces, mainly to the US. How can we move from an “offered Europe” to an “open Europe”? How are the other continents doing in this respect? Is this all about “geopolitics of data”?
Axis #3: Data as a threatened capital
While denial of service attacks target infrastructures, the hackers’ ultimate objective is often data, be it for cyber crime (data theft, cryptolocking, etc.) or spying purposes. What are the latest trends? What are the cybercriminals’ modus operandi? How can we assess the value of data when launching proceedings?
Axis #4: Data and the law
The concept of data is an immaterial notion that raises many legal questions. Can we apply the notion of property to data, and more particularly personal data? What is the connection between data and territory? How can we effectively implement the right to be forgotten adopted by some countries? How should we define data theft in criminal law?
Axis #5: What data security & privacy strategies should companies adopt?
In companies, data security & privacy is based on a comprehensive approach that includes data classification, data assessment, risk analysis, and design and implementation of a security & privacy strategy. However, the development of cloud computing and the ever-increasing outsourcing of IT services raise a certain number of issues. Can we “safely” use a CRM or ERP tool in the Cloud? What are the consequences on data control? How can we insure data-related risks?
Axis #6: Which technologies can guarantee data security & privacy?
Today, information systems security managers can guarantee the security and privacy of their data thanks to an array of tools and technologies, ranging from protection tools and secure destruction to data leak detection and investigation. Are the pace of technological progress and the “time-to-market” constraint imposed on publishers by the market compatible with the organisations’ relatively slow adoption cycles? With this same “time-to-market” constraint, how can we integrate security by design into the apps offered to the users?
Axis #7: Data and sector-based issues
Digital transformation and the data feeding it irrigate all the economic sectors and human activities. Thus, data are at the heart of the “smart revolution”, which impacts both individuals in their daily life and society/companies through connected objects and “omnipresent IT”. What are the data-related issues faced by “smart cities”, “plants of the future”, the medical sector, etc.?
Axis #8: Society and data-related ethical issues
Digital transformation and the exponential data growth it produces also represent a wealth of opportunities. Yet, the pace of this evolution and its major impact on human beings require that we step back and ask ourselves ethical and philosophical questions. For individuals, what does “privacy” now means? Is it possible to put users back at the heart of this transformation by enabling them to regain ownership of their data? Lastly, should we copy the bioethics law and pass a digital ethics law to define a data usage framework for predictive or surveillance purposes?