CookieLaw Blog April 15, 2014

Heartbleed and Privacy by Design


News of the Heartbleed bug has caused widespread consternation in the last few days, and a lot of scrambling to patch the millions of systems that may have been compromised.

Concrete evidence has now emerged that data has been lost from major services as a result of the bug, including Mumsnet and the Canadian Revenue.

The nature of the bug has basically made security on the internet look like a Swiss cheese – full of holes.  Whilst core system and service providers can patch up the bits in their own control, any unpatched node in the network could become a personal data leak .

And while Hearbleed may be the current biggest web security story, you can bet it won’t be the last.  The story of the web is that there will always be other holes, and plenty of people looking to exploit them.

The lesson that should really be learned here is that rather than simply focussing energies on the Sisyphean task of trying to fix all the leaks, at least as much effort should be going into reducing the value of the data poring through them.

This is one of the core ideas behind the Privacy by Design movement – minimise the amount of personal data you collect and store in the first place.  This means more than simply cutting back on data, but also using techniques for anonymisation that stop it even being personal data.

This of course is a difficult challenge.  Anonymisation itself is a contentious idea amongst privacy folks, with many claiming it is almost impossible to achieve in the world of big data.  However, the long term value of pursing this model, which would particularly benefit from the network effect.

By taking the time to build better privacy into a system at the beginning, you can worry less about the constant race against bugs and hackers, both of which are much harder to eliminate in the long term.

Recent Posts

January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved