Inside 1to1:Privacy

Motorola: The Marriage of Privacy and Security

August 1, 2007

By Jay Cline, CIPP

Since his arrival last year at Motorola, Data Protection Officer Dan Swartwood has seen his role grow in new directions to encompass responsibilities that marry privacy and security at the company. The convergence of privacy and security at Motorola is an emerging trend for other companies championing information-based business models.

The timing of the privacy-security convergence for the Schaumburg, Illinois-based telecommunications manufacturer and originator of Six Sigma methodology isn't accidental. Founded in 1927 as a producer of radio products, the company subsequently expanded into other communications-related products and services.

The information revolution is compelling. As with Kodak, which needed to transform from paper to digital, Motorola needed to extend its business from equipment into more services. To deliver on this new business model, the $43 billion multinational has engaged a growing array of contractors and business partners to supplement its 66,000 employees. Harnessing the intellectual capital of this extended enterprise is becoming Mission 1.

"The driving force for our future success is our intellectual property," Bill Boni, Motorola's Chief Information Security Officer, told INSIDE 1to1: Privacy.

"Protecting customer and employee personal information is also essential to build trust in the organization," Boni added.

Swartwood and his staff report to Boni, who in turn reports to Patty Morrison, Motorola's global CIO. In addition to privacy, Boni oversees IT security governance, business continuity planning, information security solutions, and information assurance.

For his part, Swartwood began his appointment with the privacy docket, but soon added intellectual-property protection and electronic-forensics investigations. Placing this portfolio among the other risk functions in IT "made sense," Swartwood said, because of their overlapping goals for what is known inside the company as "Data of Concern."

Data of Concern is information critical to the company's success or requires special handling. To manage the risks associated with this priority data, Motorola developed an integrated framework that combines all of the company's legal, policy, contract and industry requirements for data management. The risk team branded the framework as "iProtect," targeted it at the average Motorola employee, and now delivers the content via online training modules, newsletters, plasma-screen ads, giveaways and in-classroom training. Motorola also addresses privacy, intellectual-property protection and records management in its required ethics training.

This functional convergence already is having beneficial effects on Motorola's internal policies. When Swartwood arrived, the company had 400 pages of guidance for data-related topics -- policies that had accumulated over time. A task force streamlined those policies into 23 pages targeted at the individual user, rather than subject-matter experts.

"The goal was to empower people with the information they need to be successful," Swartwood said.

Swartwood is seeing a small but growing number of companies trying to integrate their information-risk functions to reduce overhead and better manage their data. To that end, Swartwood has agreed to lead a new Ponemon Institute working group on Data Protection Convergence.

"The global business environment is going to continue to become more complex," Swartwood explained. "Looking for better ways to manage that complexity just makes sense."

Jay Cline can be reached at cline@minnesotaprivacy.com.