When it comes to data protection and privacy today, there is much discussion about the future of regulation and business practices in a globalized environment where information flows across borders like water. How will yesterday's regulatory and business accountability models evolve to help face tomorrow's data protection challenges? What would this new model look like? How would it work? How can it ensure the consumer is adequately protected? To face the challenges of today as well as tomorrow - the growing diversification of information collection, and the global flows of this information - an entirely new model is needed, one that will require a fundamentally different type of partnership between policy-makers, regulators, business and civil society. Why is such broad change needed? Simply put, there are three reasons: Today's regulatory models were designed for a different era. Data flows much differently today than it did a decade ago, and it will flow much differently a decade from now. Organizations, both public and private, have not shown enough accountability to meet the data-protection challenges of this new world. As a result, today there is too much responsibility placed on the consumer. The future of data protection will require much more than simply talking about the regulatory model. Yes, the regulatory framework needs substantial change. But the business accountability model must also change, along with the way business and regulatory communities engage with each other. To get to a more acceptable point, business, government and civil society are going to have to work together in fundamentally different ways. Those who set and enforce policies must become adaptable. And at the same time, as the keepers of valuable personal information that often cuts across national boundaries, organizations must become more accountable to common standards of data protection. The above is a small excerpt of the remarks I shared earlier today at the 30th International Conference of Data Protection and Privacy Commissioners in Strasbourg. The entire speech is below the fold. ...

Peter Cullen, Chief Privacy Strategist at Microsoft, spoke at a forum September 8, 2008 at the Churchill Club in California. During the forum, “Personalization versus Privacy: Balancing Business and Customer Interests,” Peter addressed how Microsoft builds...

Kim Cameron, Chief Architect of Identity in the Connected Systems Division at Microsoft has an interesting post up about at his Laws of Identity blog on the vulnerability of passwords to "site redirection ", a problem that Information Cards don't have...