The Privacy Lawyer: Balancing Act For Security And Privacy Issues
Most security professionals agree they expect no surprises on the privacy front, Parry Aftab says, but continued focus and diligence in implementing policy are key.
Every year about this time famous astrologers and clairvoyants provide their forecasts for the coming year on everything ranging from celebrity marriages to the presidency to lottery winners. This year I thought we'd turn instead to the leading privacy experts from diverse industries and ask them what they see as the privacy issues we will be facing this year and over the near future.
Interestingly, there were no surprises. The same issues that we have been discussing on informationweek.com's boards are on the minds of the experts. They include outsourcing, global data-flow, new technologies, existing technologies used in new ways, balancing security and privacy, protecting ourselves from intrusions and cyberattacks, addressing business-to-business and business-to-consumer differences, finding the return on investment on privacy, and the implications of misstepping in a complicated field.
Many of these issues also are on the minds of regulators and legislators. Spyware, adware, pop-ups, spam, spim, and unanticipated risks to consumers of new technologies are especially significant to regulators and state and federal lawmakers. So, expect to see many more Federal Trade Commission, state and congressional hearings on these issues and several stabs at new legislation this year, although few expect there to be a major piece of privacy-specific legislation passed in 2004. Instead, FTC Commissioner Mozelle Thompson predicts privacy will be indirectly woven into legislation.
Some of the more-experienced chief privacy officers have mentioned that this will be an especially challenging year, where policies and practices need to be developed, adopted, delivered, and maintained. At the same time, they recognize that new technologies and regulations require that these policies and practices be constantly reviewed and modified. Also, most of the experts agree that we'll all have to step back and start viewing the world as a cohesive whole, rather than our "U.S. against the world" perception. This is especially difficult when we realize how much of our data is used, stored, and managed offshore, and how much outsourcing security issues are affected by privacy regulations.
Look At Core Values
The biggest problem all experts face is how to make privacy-policy decisions that outlast the latest regulations and technology. They agree that the only way to do that is to look behind the latest trends to the core privacy values they reflect. Recognizing these allows adaptable policies and practices to be constructed. If we think that way from the beginning, integrating our practices and policies with the latest regulatory scheme and technology will be much less painful.
Finding a place for privacy professionals in the corporate structure will be an issue most businesses will face this year as well. Multinational corporations have indicated they're cutting back on using outside counsel in most privacy areas. Instead, they're retaining firms specializing in global privacy, and using them for advance intelligence on trends and early copies of new legislation. The CPO position also is often being renamed and pushed below a typical chief-officer level. Generally, the CPO position is now held by someone with other compliance or strategic responsibilities. Few are devoted to privacy full-time. That's viewed as a good sign since it means privacy isn't being seen as something to add after-the-fact. It's merely another consideration in building products, delivering services, human resources, and protecting brands. That makes privacy a core value to business and the privacy professional a member of the product and corporate team. (For more information about privacy professionals, visit the International Association of Privacy Professionals Web site at www.privacyassociation.org. The group's fourth annual Privacy and Security Summit is scheduled for Feb. 18-20 in Washington, D.C.)
Many corporate privacy experts consider international issues to be the hot buttons this year (Oracle's CPO, Joseph Alhadeff; Hewlett-Packard's CPO, Barbara Lawler; Intel's director of privacy, David Hoffman; and DoubleClick's CPO, Bennie Smith). Policy experts see spam regulations (AOL's VP of integrity assurance, Jules Polonetsky, and TrustE's executive director, Fran Maier) and electronic tracking and eavesdropping issues (Internet Caucus Advisory Committee senior adviser, Tim Lordan) leading the list. Microsoft and I agree that spyware (Microsoft's privacy strategist, Peter Cullen) and pop-ups, pop-unders, and adware are where we will be spending lots of time and creative energy this year.
The lawyers who advise the policymakers and industry see radio-frequency identification tags (Christine Varney, Hogan & Hartson) and wireless and outsourcing privacy and security issues (Ron Plesser, Piper Marbury Rudnick & Wolfe) as paramount. Government and public-policy privacy experts expect to see challenges in integrating new technologies with privacy implications (U.S. Postal Service's CPO, Zoe Strickland), balancing privacy and legitimate law enforcement and security interests (MCI's senior VP of technology strategy, Vinton Cerf) and voting-booth accessibility for the upcoming presidential election (accessibility legal expert, Cynthia Waddell) as key issues in the public arena. Those with a broad overview see this year as the year for implementation and delivery of their privacy practices and making sure it all fits together (IBM CPO, Harriet Pearson; and Microsoft's Peter Cullen).
A Matter Of Perspectve
Bottom line, everyone sees privacy implications from their own perspective. But all agree that this will be a special year for privacy experts. Until recently privacy was mostly an after-thought. Experts were reacting to new legislation, technology, and policies. They rarely had the luxury to be able to be proactive. But this year will require that we all be more mindful of privacy implications in everything we do. We need to recognize that privacy decisions affect B2B at least as much as it does B2C and that governmental privacy issues affect all stages of our lives.
This is a year to digest all we have already accomplished and implement the policies we have so carefully adopted. We need to deliver what we promise and make sure our employees are knowledgeable about those promises and when they apply. That takes experienced and knowledgeable privacy professionals. And, luckily, with all these experts willing to share their expertise, forewarned is forearmed.
What are your privacy prophecies for 2004? What is your company doing about privacy issues? Who do you turn to for privacy expertise? Join the discussion at Listening Post!
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.