Information security is about three things – confidentiality, integrity and availability. IT security people who think that it’s only about the first two of these have lost touch with where the money to pay their salaries comes from. For information security to be effective it has to be fair and reasonable in the eyes of most employees or it will never work. Communication and getting buy-in is as critical as having the right policies in the first place.
So, good on the people at Privacy International for their campaign to shame those organisations that overstep the mark by introducing truly mindless and overbearing security. They are doing nobody any favours and deserve a good pelting.