Designing Privacy EVERYWHERE: Whirlwind Excursions Discussing Privacy Integration
From Maryland to Ireland, Slovakia to Florida, privacy professionals and their industry colleagues are working on integrating Privacy by Design into business models and functionality. This ambition became evident to me when I spoke at five conferences in three countries on how to most effectively integrate privacy into the core functionality of business operations. This global trend should make the folks at the IAPP happy! Here’s a glimpse of my whirlwind tour:
April 15, National Harbor, Maryland, The National Association of Attorneys General’s Presidential Initiative Summit on Privacy
After a keynote address by Wall Street Journal journalist Julia Angwin, Vermont Attorney General William Sorrell led a panel on Cybersecurity: Protecting Government, Financial and Critical Infrastructure with Bill Nelson, president and CEO of FS-ISAC, Bill Dennings, chief information security officer at Mastercard and myself. Despite being the only participant not named Bill, it was a great panel that included pertinent insights into how private companies and information-sharing and analysis centers address ever-evolving cybersecurity threats. I discussed how privacy and cybersecurity must be integrated in order to be effective; interestingly, the panel concurred, detailing how privacy and data minimization were implemented in their information-sharing procedures.
April 18, Dublin, Ireland
I had been invited to speak at a conference hosted by Techlaw Group. My panel tussled with the issues of privacy and information sharing within a hypothetical multi-national healthcare organization. Members of the panel were from Canada, France, Israel and the U.S. in addition to good friend Billy Hawkes, Ireland’s data protection commissioner. Two takeaways from this session:
1) technology lawyers really understand that privacy needs to be integrated into technological improvements and approaches; and
2) really smart lawyers in every country strive to implement privacy by design whenever possible.
April 18-20, Bratislava, Slovakia
After two short flights, I attended the Globsec 2013 Conference. The topic for the panel was Securing the Homeland. Other participants on this important panel were Baroness Pauline Neville-Jones, UK special government representative to business for cybersecurity, and Judy Dempsey, non-resident senior resident Carnegie Europe and longtime international journalist. Needless to say, I had the worst accent and least experience among the three of us! Discussion between the panel and audience was nonstop, covering a wide range of national and cybersecurity issues, which was particularly timely since Dzhokhar Tsarnaev had been captured less than six hours earlier. With that said, almost every audience question touched on some aspect of integrating privacy and security and ensuring it’s considered at every stage of the information life cycle.
April 24, Palm Beach Gardens, Florida
I then headed south to sunny Florida to join Epsilon at its annual Symposium, together with David Vladeck of Georgetown Law, former director of the FTC’s Bureau of Consumer Protection. A lively crowd asked a wide range of practical questions on COPPA implementation, mobile device privacy and third-party accountability. In fact, this was the first time privacy had appeared on the main stage at an Epsilon Symposium—another sign that the times they are a’changin!
April 25, Washington, DC
I ended this spate of speeches in a similar fashion as I started it—talking about how important it is to integrate privacy and cybersecurity. In fact, in several ways, this presentation was the most important. This time, instead of talking to state officials, I testified before the U.S. Congress at a hearing titled Striking the Right Balance: Protecting Our Nation's Critical Infrastructure from Cyber Attack and Ensuring Privacy and Civil Liberties before the House Homeland Security Subcommittee on Cybersecurity, Critical Infrastructure and Security Technologies. Given that this was my third time testifying in front of Chairman Patrick Meehan (R-PA)—although my first since I left DHS—I was hoping for a commemorative mug or at least a baseball cap for my testimonial hat trick. I settled instead for a very lively and well-informed conversation on privacy and cybersecurity and how important it is to make sure these elements are integrated.
During the hearing, I emphasized—as I did throughout my three-and-a-half years at DHS—the continued integration of privacy and cybersecurity is crucial for effective cybersecurity protections. In fact, this was the first hearing on privacy and cybersecurity on Capitol Hill after almost three years of debate. Therefore, it was important to describe how to integrate privacy and cybersecurity—and why integrating privacy into the operational aspects of activities like cybersecurity monitoring makes the program both more effective and more likely to protect privacy.
After a tumultuous two weeks of weighing the Privacy-by-Design implications within cybersecurity, health care, marketing and national security, I realized that this wholesale adoption of the importance of Privacy by Design demonstrates this issue of privacy is both international and universal. I was heartened by that conclusion and envision a strong future for privacy professionals worldwide.
About the Author
Mary Ellen Callahan, CIPP/US, is a nationally recognized privacy attorney with an extensive background in consumer protection law. As the longest-serving former chief privacy officer of the U.S. Department of Homeland Security—the first statutorily mandated privacy office in any federal agency—Callahan has a unique and broad knowledge of and experience with the interface of the protection of privacy, civil rights and civil liberties with cybersecurity and national security issues. During her tenure at the Department of Homeland Security, Callahan also served as Chief Freedom of Information Act (FOIA) Officer, responsible for centralizing both FOIA and Privacy Act operations to provide policy and programmatic oversight and support implementation across the department. Callahan is the founder and now serves as chair of Jenner & Block’s Privacy and Information Governance Practice.