7.10.2. PET-toepassing

De algemene opvatting in de workshops was dat vanuit de informatiebeveiliging de middelen worden ontwikkeld om (persoonlijke) informatie te beschermen. Tijdens een workshop in Nederland deelde een `chief privacy officer' mee dat: "The tools that are in use are security driven. The IT dept identifies risks and how to mitigate it. Where there is a privacy/security risk there is special software to protect it. (...) There will be security tools whether that is a PET tool, or something else. (...) there are going to be more security tools, not primarily to protect privacy."1

In het algemeen gebruikt dit bedrijf geen PET, behalve de standaardbeveiliging door middel van encryptie:

Het bankbedrijf ABC gebruikt geen PET, hoewel ABC in termen van beveiligings- en IAM-architectuur zich op het hoogste niveau van maturiteit bevindt.3 Tijdens de workshop in Zurich gaven de vertegenwoordigers uit de bancaire sector aan:

"PET should enable us to do some kind of business. Of course it is interesting, it would remove the need for registration processes, it could be used in business relationship processes. But it is a long way, it is not just a technical issue, it is also a legal issue, regulatory issue. It is also a project feasibility issue, whether it can be made user friendly for the customer. (...) The privacy enhancing features should also be easy to use and it's benefits well understood. If you introduce too complicated features on Internet banking, such as hardware tokens, it is questionable how much the customer understands these features, so you would expect some customers to leave rather than be pleased."4