Commentary
3/12/2012
02:44 PM
Thomas Claburn

Data Protection Officer Drought Predicted

Google's global privacy counsel doubts there are enough data defenders to help companies comply with EU data rules.

Be careful what you wish for: Five years ago, Google global privacy counsel Peter Fleischer called for privacy standards around the world to be harmonized because the regulations were all over the map.

Privacy laws around the world might not ever be in perfect harmony, but lately even the freewheeling U.S. seems to be marching to Europe's insistent drumbeat of data protection. Earlier this year, the European Commission proposed a broad reform of the EU's 1995 data protection regime. A month later, the Obama administration issued its Consumer Privacy Bill of Rights as part of a broader data privacy initiative.

Although the EU's new data protection rules might not complete their journey through the legislative process for a few more years, companies have to start thinking about the impact of the regulations well before then.

Writing on his personal blog on Friday, Fleischer warned that there are not enough experienced data protection officers to meet the impending legal requirements and that more need to be trained.

"Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies," he wrote.

The EU requirement to employ a DPO applies to companies with more than 250 workers. However, EU data laws should be considered by any company with customers in Europe, such as mobile app makers. The potential fines for violating EU data rules make compliance a necessity: up to 1 million euros or up to 2% of a company's global annual revenue.

Fleischer sees three viable approaches to the new rules, depending on the complexity of companies' data processing requirements.

Companies that have relatively simple data operations can probably just train personnel from human resources or marketing, he suggests.

They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.

Companies with large, complex data processing and handling operations will have the most adjustment to do. "[T]oday, rather shockingly, some of the world's largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff," he wrote.

Fleischer argues that such companies need to give DPOs resources and authority, something that will come from knowledge of privacy laws and willingness to defend privacy interests. Though internal executive support for the DPO's mandate matters, he suggests that DPOs will have some inherent power through legal protections against unfair dismissal.
