Posted in February 2014

Cybersecurity

Why Privacy Pros Should Embrace NIST’s Final Cybersecurity Framework

By Richard Santalesa, CIPP/US

By now the saga is familiar. After the White House tasked the National Institute of Standards and Technology (NIST) last February with developing a “Cybersecurity Framework” to reduce cybersecurity risks connected with “critical infrastructure,” a year to the day later, NIST released its final Version 1.0 of a “Framework for Improving Critical Infrastructure Cybersecurity” along with a companion “Roadmap” and supporting documents.

The many NIST workshops and weekly conference calls over the last year—full disclosure: I took part in many of NIST’s working group calls—initially resulted in a draft and then a 44-page preliminary framework, released last October and covered by the IAPP here. The preliminary framework spurred significant discussion and controversy during the 45-day public comment period following its release, primarily in connection with the “Privacy Methodology” depicted in Appendix B.

Opinion

The Big Issues for the Retail Industry and Mobile Device Tracking

By Todd B. Ruback, CIPP/US, CIPP/E, CIPP/IT

Mobile device tracking is a big deal in the retail world, a very big deal. So big that it can transform the retail industry. Which is why last week I attended the FTC’s Mobile Device Tracking Seminar to learn more.

Here’s the big picture.

Big Data

Can We Balance Data Protection With Value Creation?

“Data People” by Andrés Opcional

In the last few years there has been a dramatic change in the opportunities organizations have to generate value from the data they collect about customers or service users. Customers and users are rapidly becoming collections of “data points” and organizations can learn an awful lot from the analysis of this huge accumulation of data points, also known as “Big Data.”

Organizations are perhaps thrilled, dreaming about new potential applications of digital data but also a bit concerned about hidden risks and unintended consequences. Take, for example, the human rights protections placed on personal data by the EU. Regulators are watching closely, intending to preserve the eight basic privacy principles without compromising the free flow of information.

Some may ask whether it’s even possible to balance the two.

More from Sara Degli Esposti

Practical Privacy

What Makes a Good Privacy Officer?

By K Royal, CIPP/US, CIPP/E

Recently, as I was speaking to a talented group of law students, I was asked the above question. This has also been a related theme underlying some of the recent posts on the IAPP Privacy List. I’m not sure if this list is what those who want to enter the privacy field should cultivate in themselves, what current privacy officers are like or what we should be aiming for as a profession.

To build this list, I searched online for the top 10 traits or characteristics of compliance officers, salespeople, CEOs and managers. In essence, I could stop this blog entry now—that is what we are and should be: compliance officers, salespeople, CEOs, managers and let’s include janitors as well. In fact, let’s look at it that way: What job skills does one need to be an effective privacy officer? If we were to brew the perfect privacy officer, what career fields would we throw into the kettle?

Cloud Computing

Cloud Computing Contracting and Compliance: Why All Privacy Pros Need to Get Up-to-Speed

The cloud is going mainstream.

Many organisations are embracing cloud computing enthusiastically as a means to improve business processes while, potentially at least, making substantial cost savings along the way. Others, meanwhile, are proceeding at a more measured pace. Cautious adopters include companies that operate in heavily regulated sectors such as financial services and healthcare, as well as many government agencies and other large organisations with substantial investments in legacy IT systems and processes.

Whatever sector you work in, however, it is time to get to grips with cloud computing and, in particular, the privacy implications of cloud procurement and deployment arrangements.

Privacy Community

A Year of Privacy Discussions: Looking Back and Forging Forward

By Jedidiah Bracy, CIPP/US, CIPP/E

Hard for me to believe, but it’s now been a year since we rolled out Perspectives, our very first blog here at the IAPP. As an organization, we were veering into uncharted territory, but our ultimate purpose was and continues to be to provide a forum for the difficult or practical or funny or just plain outlandish privacy conversations to play out.

Just before Christmas, we posted our top ten blog posts of 2013—all based on page views. But now that a full calendar year has gone by, I thought it worth looking back with a bit more nuance.

Opinion

Privacy Is Not Dead ... It’s Aliiiiive!

By Ruby A. Zefo, CIPP/US, CIPM

Like many of you, I have been told repeatedly that “privacy is dead.” Most recently, I was walking down the hall in my office building, carrying my Ultrabook with the Future of Privacy Forum’s “I ♥ privacy” sticker on it, and minding my own business. A marketing colleague stopped me and abruptly advised me that “the thing you love is dead.”

Good heavens. For a minute I panicked. What thing? Cuban sandwiches? My cat? Cowboy boots? What? He pointed to my sticker and said, “Privacy is dead!”

Oh, that. No sir, it is not dead.
