Posted in Privacy Officers

Privacy Profession

For Privacy Pros: A Look At Your Job Tomorrow

By Eduardo Ustaran, CIPP/E

It is pretty obvious that the privacy profession is changing fast.

Once the realm of an elite of nerdy specialists, the profession is opening up to include a whole range of professionals with a variety of talents, training and skill sets. And whilst the complexity of the challenges faced by those with responsibility for managing information, protecting data and safeguarding individual privacy remains as high as in the early days, the implications of addressing those challenges correctly are becoming exponentially greater. If we succeed, we will not only have contributed to the prosperity of future generations, but we will have also done our bit to preserve everyone’s freedom.

More from Eduardo Ustaran

The U.S.-EU Privacy Debate: Conventional Wisdom Is Wrong

Everybody knows the conventional wisdom: United States privacy law is weak and fractured, with neither comprehensive data protection legislation nor a dedicated privacy enforcement authority. The European Union is the gold standard of global privacy regulation, with its omnibus Data Protection Directive and collective force of 28 national data protection authorities. But, In fact, far from its caricature as a beat up railcar breathlessly panting behind the EU privacy locomotive, it is the U.S. that drives privacy policymaking worldwide.

More from Omer Tene

Practical Privacy

What Makes a Good Privacy Officer?

By K Royal, CIPP/US, CIPP/E

Recently, as I was speaking to a talented group of law students, I was asked the above question. This has also been a related theme underlying some of the recent posts on the IAPP Privacy List. I’m not sure if this list is what those who want to enter the privacy field should cultivate in themselves, what current privacy officers are like or what we should be aiming for as a profession.

To build this list, I searched online for the top 10 traits or characteristics of compliance officers, salespeople, CEOs and managers. In essence, I could stop this blog entry now—that is what we are and should be: compliance officers, salespeople, CEOs, managers and let’s include janitors as well. In fact, let’s look at it that way: What job skills does one need to be an effective privacy officer? If we were to brew the perfect privacy officer, what career fields would we throw into the kettle?

More from K Royal

Privacy Community

A Year of Privacy Discussions: Looking Back and Forging Forward

By Jedidiah Bracy, CIPP/US, CIPP/E

Hard for me to believe, but it’s now been a year since we rolled out Perspectives, our very first blog here at the IAPP. As an organization, we were veering into uncharted territory, but our ultimate purpose was and continues to be to provide a forum for the difficult or practical or funny or just plain outlandish privacy conversations to play out.

Just before Christmas, we posted our top ten blog posts of 2013—all based on page views. But now that a full calendar year has gone by, I thought it worth looking back with a bit more nuance.

More from Jedidiah Bracy

Privacy Profession

Which Drives Leadership: Compliance or Strategy?

Leadership is crucial to a successful privacy program. It is leadership that engages senior executives, inspires an extended team and provides hope to advocates and confidence to regulators.

But what drives leadership in 2014? Is it the need to have a highly compliant organization in an era where compliance is very complex? Or is a strategic approach to information governance when data moves from being a business facilitator to the driver of innovation?

More from Martin Abrams

Top 10 Data Privacy Tips for 2014 #DPD14

By Dana Simberkoff, CIPP/US

With privacy breaches and security threats making headlines around the world on a daily basis, it’s becoming increasingly obvious to most enterprises that the personal information and sensitive data they hold is an extremely valuable commodity. However, shared inappropriately—whether by accident or breach—the disclosure of sensitive data can have dramatic financial impacts on an organization and erode consumer trust. The good news here is that this should be highly preventable. So in honor of Data Privacy Day—which will be celebrated this year on Tuesday, January 28—here are 10 tips for improving your privacy and data protection programs in 2014.

More from Dana Simberkoff

Opinion

Is the U.S. About To Get Its First European-Style Employee Works Council?

By Allen Brandt, CIPP/US, CIPP/E, CIPM

A recent article in The New York Times noted that every one of Volkswagen’s (VW) manufacturing plants in the world has an employee works council except one: the VW plant in Chattanooga, TN. Works councils are popular in VW’s home country of Germany and created by a directive in the European Union. This directive mandates employees have a voice in working with management about working conditions in their environment.

U.S. chief privacy officers (CPOs) and their European counterparts—data protection officers (DPOs)—often work with works councils in many areas but especially in protecting employee privacy. In fact, German DPOs and their corporate works councils have a reputation for being strong defenders in protecting privacy rights. Want to monitor e-mail or social media in the workplace? Centralize your HR records in the U.S.? Or ready to add a whistleblower hotline? The German Works Council Act, for example, empowers the works council to agree or refuse consent of many employee-monitoring devices. All of these require consultation in advance of the organization’s works council, and you can expect to hear a strong statement in support of protecting privacy rights!

More from Allen Brandt

Accountability

For Federal Privacy Programs, the Final Fair Information Practice Principle Is Crucial

By Mary Ellen Callahan, CIPP/US

When I was Chief Privacy Officer at the U.S. Department of Homeland Security from 2009-2012, I was asked frequently how the Department of Homeland Security Privacy Office was able to ascertain whether the privacy protections initially embedded in DHS programs and systems were being applied, and whether they were effective in protecting privacy. As with many things in privacy, the answer is: auditing and accountability, the last Fair Information Practice Principle. In order to be effective, the accountability must be integrated through all parts of the information governance lifecycle, including analyzing the privacy programs at the Department and component level themselves.