Posted in Data Governance

Privacy Profession

Which Drives Leadership: Compliance or Strategy?

Leadership is crucial to a successful privacy program. It is leadership that engages senior executives, inspires an extended team and provides hope to advocates and confidence to regulators.

But what drives leadership in 2014? Is it the need to have a highly compliant organization in an era where compliance is very complex? Or is a strategic approach to information governance when data moves from being a business facilitator to the driver of innovation?

More from Martin Abrams

Practical Privacy

How to Lose Your Data In 10 Days

By Heather Federman, CIPP/US

It’s no longer an “if” you’re the target of a data breach; it’s just a matter of “when.” Data loss incidents are becoming an unfortunate rite of passage. More and more businesses have found themselves exposed and ill-prepared to manage the fallout. While the average cost of a breach equals $5.5 million, the public reaction fosters graver implications. The resulting “business shock” not only paralyzes operations, but it also damages relationships with regulators, partners and consumers.

How can you best prepare and defend your organization? How can we all make 2014 the year of “data stewardship?”

More from Heather Federman

Practical Privacy

Privacy 101 for SMEs: The Best Defense is a Good Offense

By Omer Tene
and Marc Groman, CIPP/US

Imagine you are a major retailer and have to disclose a few days before Christmas that hackers stole credit card details and personal data on about –oh, 110 million shoppers –from your secure safe. Or that just as your app is experiencing hockey stick growth, leading tech blogs and media blast you for uploading users’ contact lists to your servers without permission.

Hearing news like this, you probably cringe at the thought that this might happen to you. But, of course, you are not a major retailer or global corporation, or even an app with tens of millions of users commanding media attention; you are a small or medium enterprise (SME), so you don’t have to worry, right? Wrong! Privacy and data security must be strategic considerations for every business, including garage entrepreneurs developing cool apps or analytics companies with half a dozen employees.

More from Omer Tene

Data Governance

Half Full or Half Empty: Is Your Business Viewing Privacy Through the Right Lens?

By Rafae Bhatti, CIPP/US

Data protection and privacy are urgent issues for both consumers and businesses. Customers increasingly worry whether their personal information is secure, while companies are concerned about protecting data and complying with regulatory requirements.

But are business leaders looking at the glass half empty? 

Posted in Data Governance
More from Rafae Bhatti

Privacy Law

IAPP Westin Research Center

The OECD Heralds the Arrival of the Privacy Profession

For anyone following the field of privacy policymaking, the past two years have seen a flurry of activity unsurpassed in any other legal arena. Fittingly, the first reform process to come to fruition is that of the OECD Privacy Guidelines, which date back to 1980 and contain the first internationally agreed upon iteration of the now ubiquitous Fair Information Privacy Principles (FIPPs). Together with the expected result of the major reform processes in the U.S. and EU, the revised guidelines, which will be launched on the OECD website today, are set to become the second generation of information privacy laws. As such, it is important to assess what has changed since their inception more than 30 years ago.

More from Omer Tene

From the Tool Belt

Overcoming the Security and Privacy Challenges of the Cloud

By Chris Zoladz, CIPP/US, CIPP/E, CIPP/IT, CIPP/G

There is no doubt that the use of the cloud will continue to grow at an impressive rate. IDC estimates the cloud market will be worth over $50 billion by 2014 and over $120 billion by 2020. Even the U.S. government, who is not viewed as a leader in the use of technology, has a “cloud first” mandate. With compelling evidence that migration to the cloud will improve an organization’s bottom line and business efficiencies, it would seem to be an easy decision. 

However, the ubiquitous articles and blog posts about the seemingly insurmountable security and privacy risks of moving mainstream applications to the cloud have created ample fear, uncertainty and doubt in some organizations.

More from Chris Zoladz

Opinion

Privacy and the City

By David Hoffman, CIPP/US

I have written on the need for adequate privacy protections to allow individuals to exercise their Right to Fail. For people to come together to collaborate and innovate, we need to make certain individuals can try new ideas. We need people to take risks and often fail, without running the risk that every failure will be catalogued forever in a virtual permanent record and those failures will be retrievable with a simple Internet search or report from a data aggregator/broker. People are inherently social and want to collaborate and innovate, but we need to create the right privacy policy environment to both foster that innate desire and protect individuals from counterproductive consequences from our social nature.

Edward Glaeser wrote on just this topic in his excellent book, Triumph of the City: How our Greatest Invention Makes Us Richer, Smarter, Greener, Healthier and Happier . The book describes how cities have historically been the engines of innovation as they bring people together to collaborate and create.

More from David Hoffman

Privacy on the Ground

Why Are German and U.S. Practices so Similar, if Their Regulatory Structures Are so Different?

Our previous post began to explore findings from almost one hundred interviews of leading corporate privacy officers, regulators and other privacy professionals in five countries—and what they can teach us about how the structure of the corporate privacy function can affect the success of measures to protect privacy.

We ended that post with a surprising finding: The two countries in which privacy officers were most empowered, and most involved in shaping firm strategy, couldn’t be more different in terms of their regulatory substance and form—Germany and the U.S.

More from Deirdre Mulligan