We recently hosted a Twitter chat with security experts on a handful of hot topics around online privacy. 

One of the questions we asked was, “Who should define expectations for data privacy?”

Dejan Kosutic: Organizations must define which information they consider private through classification process. Government should set the standards for privacy of individuals through personal data protection legislation.

RSAC Twitter Chat

Michael Santarcangelo: I favor individuals defining their own expectations for privacy. I’ve found most people agree within a basic range; the key is that informed discussion. Allows for consistency.

Robin Wilton: Need to begin by recognising that there are many stakeholders with valid privacy expectations. My personal view: "PII" (personally identifiable information) should be re-defined as "privacy-impacting information". Also, of course, privacy law/regs need to account for the wide differences in privacy culture between societies.

Toby Stevens: @Dejan Kosutic but DP legislation fails time and again. Useless without effective enforcement, and is that possible?

Dejan Kosutic: @Toby Stevens I'm afraid most individuals don't know the consequences of not protecting their privacy.

Michael Santarcangelo: I want individuals/biz to have freedom over their information; means choices. And responsibility, which means we are responsible to make it make sense and help people understand the consequences of different choices.

To read more from our Twitter chat, including the full transcript, visit our Europe Twitter community page.

Who do you think should define data privacy?  Do you agree with the experts or do you have a different take? 

Give us your ideas in the comments!