The Impact of Privacy and Data Protection Legislation on the Sharing of Intrusion Detection Information

Abstract

The global nature of the information infrastructure presents enormous opportunities to organizations. However, global interconnection also means global risk and implies the need for global defence. A central aspect of global defence is information sharing, and at as early a point in the incident cycle as possible. This implies the sharing of intrusion detection sensor data. The growing recognition of the requirement to respect personal privacy is bearing fruit in the passage of personal privacy and data protection legislation, which generally limit the ability of organizations to share personal information. Based on the broad definitions of personal information found in the legislation, source IP addresses, one of the key elements of information used in tracing malicious activity, may be considered to be personal information, and would therefore fall under the purview of the privacy and data protection legislation. There are, however, exemptions for the sharing of information that could be extended to permit the sharing of intrusion detection information while still meeting the intent of the surveyed legislation.