What You Must Know About DRM

11 Step #6: Introduce at the source level, the rules and controls developed in Step #5 This step can be combined with Step #5 if the developers of the architecture rules are also responsible for implementation. When deploying these rules, there are numerous implementation challenges, including ensuring that associated costs remain under control; estimating the size of data storage containers; ensuring that rights management is still feasible while ensuring that personal data is not compromised; finding data distribution mechanisms that maintain data quality across all processors; operating within different jurisdictions; and carrying out successful logging and auditing of data processes. 37 Despite such challenges, the above tools and models provide a reasonable idea of how to build privacy into DRM. Step #7: Deploy and audit, through a model of continuous improvement -- review expectations and requirements The final step is unlike the others because it is one that requires repetition throughout the operation of the DRM service. One of the most important rules in gauging whether DRM technology is sufficiently privacy protective is to remember that "overall, privacy is [only] as strong as the privacy offered by the weakest link." 38 Auditing ensures that the host organization will be in a position to identify any weak links within the DRM system. It is up to the DRM host organization, through the privacy environment it established in Step #1, to conduct an end-to-end privacy audit of the DRM process. The host organization may select an outside auditor such as Watchfire, 39 which would dig through all the organizational and electronic processes to determine system weaknesses. A Harris Interactive survey found that 84% of consumers believe that independent verification of privacy policies should be a requirement for companies. 40