Businesses Need Trained Privacy Cops

The International Association of Privacy Professionals, with grants from Hewlett-Packard and Microsoft, now offers a privacy-certification program.
Data privacy is a top priority for many businesses, and they need decision-makers sufficiently trained in privacy-related matters to ensure that the proper controls are in place. That's why the International Association of Privacy Professionals, with grants from Hewlett-Packard and Microsoft, on Wednesday unveiled a privacy-certification program that will establish educational and testing standards for privacy professionals.

During the past few months, privacy has become a hot-button issue as federal government requests for private-sector data have gotten a lot of attention. Most recently, a Homeland Security Department report said the Transportation Security Administration violated the spirit of the Privacy Act of 1974 when it compelled JetBlue Airways in 2002 to hand over passenger data to a federal contractor testing a new Defense Department terrorism database. In January, Northwest Airlines admitted that it voluntarily shared passenger data with NASA in 2002 for a research study the agency was conducting. And in December, the FBI approached the major Las Vegas casino resorts requesting--and receiving--guest data for assistance in investigating a potential terrorist act planned for New Year's Eve.

Trevor Hughes, executive director of the privacy association, says those events are only the latest developments that highlight the need for certifying privacy professionals in an effort to create better privacy safeguards within companies that hold massive amounts of customer data. Other factors spurring privacy concerns include the growing rate at which online commerce sites are collecting customer data, as well as Justice Department requests that Internet service providers hand over customer data in an effort to stop illegal file-sharing activities that violate copyright laws.

Too often, Hughes says, privacy is being handled by IT, security, and legal staff, many of whom do not have backgrounds in privacy. "If you have a privacy professional, having a federal body calling upon you will be a much more manageable experience," he says. "You'll have a lot more wherewithal at the table."

Among the companies represented on the certification program's advisory board are HP, Microsoft, Nationwide Insurance, Nordstrom, Procter & Gamble, and Wal-Mart. Specifics of the certification program are yet to be divulged, but Hughes says the curriculum will be distributed in books, by training partners, and during privacy association conference sessions, with plans for eventual Web-based training. Testing will occur initially at the association's conferences.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing