Posted in Privacy Officers

Privacy Profession

For Privacy Pros: A Look At Your Job Tomorrow

By Eduardo Ustaran, CIPP/E

It is pretty obvious that the privacy profession is changing fast.

Once the realm of an elite of nerdy specialists, the profession is opening up to include a whole range of professionals with a variety of talents, training and skill sets. And whilst the complexity of the challenges faced by those with responsibility for managing information, protecting data and safeguarding individual privacy remains as high as in the early days, the implications of addressing those challenges correctly are becoming exponentially greater. If we succeed, we will not only have contributed to the prosperity of future generations, but we will have also done our bit to preserve everyone’s freedom.

More from Eduardo Ustaran


Should Privacy Professionals Have a Code of Ethics?


To more accurately assess this inquiry, I looked outside of associations based solely on one’s education and looked for associations based on one’s role or job and I found several examples of codes of ethics for professionals. There are members of IAPP who are also members of some of these other professional associations: HCCA, ISC2, SCCE, just to name a few. Additionally, many members of the IAPP are licensed attorneys and bound by the ethics of their license; such is also true for medical professionals, accountants, social workers, teachers, and many other fields. Alex Fowler addressed this same issue.

Having experience in the medical, educational and legal environments, I am acquainted with the potential for conflict between professional obligations. For example, I occasionally faced conflicts between my obligations as a nurse and my obligations as an attorney. While there is always an eventual decision made after careful analysis, this decision is not always concrete and is subject to context and opinion.

More from K Royal


An Open Letter to Privacy Professionals: We Need to Earn the Public’s Trust

The recent news about the extent to which the U.S. government is monitoring the communications, online interactions and activities of American citizens brings into question our ethical responsibilities as privacy professionals.

All of the companies caught up in the news that complied with secret court orders to hand over bulk user data have privacy officers and dedicated teams of privacy professionals. Yet the extent to which any of these privacy teams were involved or were aware of these orders is unclear. This simple irony provokes reflection on the role of privacy professionals and our associated ethical and social responsibilities.

More from Alex Fowler


Bridging the EU-U.S. Privacy Gap

By J. Trevor Hughes, CIPP

Privacy has always been a difficult concept to define, and privacy issues are complex.

For Europeans, privacy is a human right, while for Americans, privacy tends to be about liberty. It’s often thought that the Holocaust and the rise of totalitarianism in 20th century Europe have been the catalysts behind the region’s strong privacy and data protection regimes.

A recent book by Edwin Black, in detailed research, examines Nazi Germany’s use of the computer’s forebear to aid in systematic genocide. These Hollerith machines and punch cards helped the Third Reich organize and carry out the atrocities of the Holocaust. And in post-war Europe, the widespread use of surveillance and coercion informed and empowered the Stasi, the KGB and other totalitarian enforcers.

But is that the real reason the U.S. and Europe have such seemingly differing cultural constructions of privacy?

More from J. Trevor Hughes

Privacy on the Ground

The Modern Privacy Function: Balancing Strategy with the Operational

Our previous posts reported some initial conclusions from almost one hundred interviews of leading corporate privacy officers, regulators and other privacy professionals in five countries. The second post explored one surprising finding—that the two countries in which privacy officers were most empowered were Germany and the United States, countries which couldn’t be more different in terms of their regulatory framework—and explored some of the reasons for privacy officer strength in Germany. 

This final post explores a caution raised by privacy officers in both the public- and private-sector regarding particular risks created by attempts to ensure that privacy is part of high-level deliberations within a corporation—risks that must be managed in developing policy regarding privacy.

More from Deirdre Mulligan

Privacy on the Ground

Why Are German and U.S. Practices so Similar, if Their Regulatory Structures Are so Different?

Our previous post began to explore findings from almost one hundred interviews of leading corporate privacy officers, regulators and other privacy professionals in five countries—and what they can teach us about how the structure of the corporate privacy function can affect the success of measures to protect privacy.

We ended that post with a surprising finding: The two countries in which privacy officers were most empowered, and most involved in shaping firm strategy, couldn’t be more different in terms of their regulatory substance and form—Germany and the U.S.

More from Deirdre Mulligan

Privacy on the Ground

Operationalizing Privacy: How Empowered Is Your Privacy Office?

Where should privacy professionals be positioned within the organization?

What level of independence and authority do privacy officers need so that they can embed a value as complicated as privacy—at times in tension with a whole host of bottom-line commitments, from identifying terrorists to placing effective ads—into a complex organization?

And if privacy is to be delivered through designs and defaults, as well as policy, where should privacy professionals be positioned within the firm?

More from Deirdre Mulligan