September/October issue
Driving data protection at DaimlerChrysler

Brian McKenna
Alfred Büllesbach is the chief officer, corporate data protection
for DaimlerChrysler world-wide. He says that a good data protection
policy is as important to a car manufacturer as a good set of brakes.
Not just a boring old cost, but a business enabler. Can this really
be true of IT and information security? Alfred Büllesbach is
a lawyer and information security professional who thinks it is.
He reports to the board of management at
DaimlerChrysler, and testifies to the truth of the cliché.
"The customer wants their data to be protected when they engage
with us in the normal daily sales and business cycle. And our employees
want such protection too. Essentially, if we want the car to have
a good image there has to be a good privacy policy attached to it".
These days, top of the line cars are vehicular computers. They have
so much electronics on board that the engine and wheels seem like
an afterthought. This technology enables 'traffic telematics' -
information systems that, for the fortunate few, have superseded
the battered old A-Z.
Büllesbach says of traffic telematics: "you have to respect
different privacy policies. If you have surveillance systems in
highways or cars you need privacy policies in place to reassure
the customer".
The costs of privacy
The flip-side of 'security and privacy as an enabler' is cost. SA
Mathieson's article in this issue of Infosecurity explores this
matter, especially with respect to Germany. Büllesbach is reluctant
to be drawn on the cost to DaimlerChrysler's business of its approach
to privacy: "it is also hard to break down people's jobs in
this area into what is security, what is privacy, and
what is something else".
And he makes the case for the importance of world-class data protection
to the production of a Mercedes Benz.
One could say that the peculiarities of German history explain the
importance of privacy concerns to its business community and society.
There is the obvious dark history of the Nazi period, but there
is also the graduation of the student radical generation of 1968
into positions of leadership in civil and political society.
But Büllesbach paints a more general picture. "In all
25 member states we are on the way to harmonizing all legal regimes,
including data protection. The 25 data protection acts are nearly
all homogenous, and the EU Commission is working hard on this. Germany
has a special system, sure, but so has everyone else.
"No, if you are looking to discussions around mobile, or ubiquitous
computing, or RFID, or whatever, they are the same all across Europe.
Scientists all have the same homogenous line of development —
science is global. If we are problem-orientated, and look at the
scientific discussion first, in the long run we will be
headed in the same direction".
He does, though, believe that the European data protection discussion
is not "as fully engaged, continent-wide" as it could
be. "My impression is that data protection awareness could
be higher among politicians as well as top level administrative
people".
Dr Büllesbach is keen to stress that "security is not
a problem of nations, but is a global problem. The role of the IT
security industry should more reflect that. The point is not just
to protect IT but to protect the whole process — the IT plus
the processing plus the data itself. The tendency just now is not
to do that. We
need to think more in this way".
DaimlerChrysler's chief data protection officer has a staff of 10
in the Stuttgart headquarters, a mix of informatics people and lawyers.
He also leads 150 data protection co-ordinators world wide.
US v. EU
"DaimlerChrysler has a special philosophy regarding security. We
argue that IT security and data protection is a special necessity
for a modern and global-acting company". He reports that, within
the group, systemic differences vis-à-vis privacy between
Daimler in Germany and Chrysler in the US led to a "broad
discussion five to six years ago. In the US, there is no general
data protection regime for the private sector; they have a collection
of a lot of different acts for children, financial services, telecoms,
and so on, whereas in the EU we have an omnibus law. And within Europe
there is UK case law versus systematic law on the
mainland".
"The DaimlerChrysler solution was to create different corporate
codes of conduct for customer and contractor data, and another for
HR data, in parallel with national laws. So now we have a corporate
policy and philosophy that runs world wide". The policy came
into effect two years ago, after three years of discussion.
Lawyers v. IT
Büllesbach sees himself both as an infosecurity professional
and as a lawyer. "If my métier were just informatics
that would not be enough; you need to know the legal side."
He lectures at the University of Bremen, to students drawn both
from IT and law. "The new challenges and interests among students
lie in how law reacts to new technologies. They all want to know about
that — how can data protection be useful to bring forward
new technological developments."
He agrees that IT people and lawyers tend to exhibit very different
mind sets. "The technical people have their own way of arguing,
and that is not always the same way as lawyers. But if we speak
about an information society we have to integrate — more than
law and informatics even. We have to integrate economics too, to
come to a complete picture".
This pursuit of a holistic approach to privacy and security animates
him. "The main thing I enjoy is to bring different modern ideas
around privacy to bear on day to day practice in our business. My
job is to create world-wide awareness for privacy and data protection
in the minds of our employees. My philosophy is that data protection
and security is a part of our products, and part of our competitive
advantage. We need to have an internal awareness within the group
which is able to act in accord with this philosophy".
Stepping back from his own company, Büllesbach is due to speak
about the tensions between digital relationship management and data
protection requirements at ISSE in Berlin in September. "In
DRM we have a conflict — the problem is that when we deliver
copyright we have to store usage data and personal data too, so
it is important that we balance the different approaches. On the
one hand, DRM is very important for some parts of industry; on the
other, privacy questions are important for all customers". Despite
his protestations to the contrary there is something a tad 'German'
about the dialectical cast of this remark.
Dr. Büllesbach is speaking at the Information Security
Solutions
Europe (ISSE) 2004, Europe's only independent IT Security conference,
owned and organised by eema — the independent european association
for e-business (www.eema.org).
ISSE 2004, 28-30 September, Berlin: Explore - Exchange - Interact
- Network — New Perspectives in IT Security & IT Business
Value: The Common Criteria Contribution. To find out more and register,
visit: www.eema.org/isse