Protecting identity and privacy in digital spaces
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of the Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; Twitter: @moshoke
November 12, 2024
Identity Access Management (IAM) and data privacy are at the heart of our digital lives, impacting us all in ways we might not immediately notice but feel every day. As a privacy professional, I view IAM as a kind of digital gatekeeper, deciding who gets in and who stays out. It’s not merely about security; it’s about respecting the person behind the data, recognising that every log-in, every permission granted, is connected to a human being who deserves to be treated with care.
Let’s consider this from a personal perspective. Imagine that every time you enter a new app or website, you’re stepping into a building filled with rooms that contain fragments of your life: your photos, bank details, location history, and even your preferences and routines. You wouldn’t want just anyone wandering into those rooms. You expect those doors to be locked, and you want to decide who holds the keys. That’s what IAM is meant to do — act as the gatekeeper that respects your boundaries.
IAM is fundamental to data privacy because it controls access to your identity in a way that should be secure yet straightforward. But here’s where it becomes challenging. On one hand, businesses want to make it easy for you to use their services without excessive authentication hurdles. On the other, they’re legally required — and morally bound — to protect your data from falling into the wrong hands. Balancing these priorities is incredibly difficult, and when it goes wrong, we all see the consequences. A data breach isn’t just a technical failure; it’s a failure of trust. It’s a company admitting, “We didn’t protect you as well as we promised.”
In my experience, IAM systems often falter because they’re either too lenient or overly restrictive. A company might prioritise user convenience over strict security controls, allowing people to reset passwords with minimal verification or setting up single sign-ons across multiple platforms without properly assessing the risks. It feels convenient for the user, but it’s like leaving a key under the mat — great until someone else finds it. Then there’s the opposite problem, where security measures are so tight they frustrate users, leading to endless complaints or workarounds that compromise security even more. IAM is a constant balancing act, and getting it right means understanding that it’s not just a technical choice; it’s a decision about people.
With laws like the GDPR in place, IAM has become even more crucial. These regulations don’t just demand security; they require accountability and transparency in how data is handled. That means companies can’t just grant open access to everyone. They need to define who needs to see what, and just as importantly, who doesn’t. This might sound simple, but in a large organisation with multiple departments and systems, it’s like a complex game of access control. Each permission level must be scrutinised, each access point carefully managed. And when you’re dealing with people’s data, any misstep can have serious repercussions.
One of the hardest parts of my role is helping companies build IAM systems that not only comply with privacy regulations but also respect individuals. Data access is a right, not a privilege to be handed out carelessly. Every access request, every role assignment, must be considered carefully, with the individual’s privacy at the core. But this doesn’t happen overnight. It requires training, auditing, and constant refinement, all while keeping pace with technological change.
Yet, IAM isn’t only about restrictions; it’s also about giving individuals control over their data. Imagine a world where you can see who has access to your information, where you can review which companies have your data, and decide if they still deserve that privilege. Imagine having the power to revoke that access as easily as deleting an app. This level of transparency and control isn’t just a lofty vision; it’s where IAM should be heading. And as privacy professionals, we have a duty to help make this vision a reality.
But it’s a complicated journey. We face challenges like password fatigue, systems that don’t integrate well, and the sheer volume of data we generate daily. With every new device we use, every app we download, IAM becomes more complex. But that’s what makes this work important — it’s evolving because our digital lives are evolving. And in a world that’s increasingly online, IAM is the mechanism by which we protect not just data, but dignity.
In the end, IAM isn’t just about security protocols or permissions. It’s about ensuring that the digital representations of ourselves — our identities — are respected and protected. It’s about recognising the person behind the data and committing to keeping them safe. That’s the human side of IAM, the part that drives me every day in my work as a privacy professional. This isn’t just a job; it’s a responsibility, one that’s about much more than code or compliance. It’s about keeping people safe in a world that, every day, asks us to reveal a little bit more of who we are.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com