Most major corporations — most organizations of any kind — didn’t have privacy officers in 2000. The IAPP had about 100 members. Agnes Bundy Scanlan, CIPP/US, had only learned a few years previous that privacy management was even considered its own profession.
Yet there she was, volunteering to be the first chair of the association’s board of directors.
“When my HR director at Fleet Bank encouraged me to apply for the privacy officer job, I said, ‘What’s that?’” recalls Scanlan, now a senior advisor at Treliant Risk Advisors. “We had no chief privacy officer at the time and a privacy policy that no one paid much attention to. But when I talked to colleagues about privacy, I could see things were starting to happen. It was exciting because it was new. So, I went from managing the community development/CRA department of 200 people to managing three people — myself, an executive assistant and a manager.”
What a difference 17 years, the march of technology, and some landmark legislation make.
Now everyone from multinational corporations to local businesses have privacy officers, privacy staffs, processes and procedures. And the IAPP this summer signed up its 30,000th member: Brussels-based Sepideh Javaherian, community and projects manager for the European telecom community ETIS (in fact, the IAPP is growing so fast, the community has added 3,000 more members since we started writing this article).
Much like Scanlan, Javaherian never expected to end up protecting personal information. Her primary responsibility is facilitating knowledge-sharing between telecom companies on topics like innovation, big data and privacy.
But privacy and data protection have grown so pervasive that they’re no longer the exclusive domain of specialized professionals and lawyers like Scanlan. Javaherian and professionals in human resources, sales, marketing and information technology are increasingly thrust into privacy management as it grows more complicated.
Despite having no formal training in information privacy management, Javaherian manages data protection for ETIS’s members and employees. She joined the IAPP to expand her knowledge and skills, and to build a network of professionals in positions similar to hers.
“I don’t have a background in data protection, but I find the topic of data protection fascinating, and I want to learn more about it,” Javaherian says. “I was looking for resources and training, so when one of our members recommended the IAPP, I joined. I want to know the best ways to protect the data privacy of our members in line with the latest regulations.”
Javaherian started taking advantage of IAPP support immediately. She has registered for GDPR training that will help her both as a data protection officer and in organizing working sessions for ETIS members. She expects her data privacy responsibilities to increase with the growth of regulation and awareness.
“I think the world in general became more aware of data privacy, and the introduction of the GDPR demands specific actions from businesses to protect data privacy,” she says.
Growing together
The 17 years between Scanlan and Javaherian illustrates how important information privacy management has grown. Scanlan was a young executive on a steady upward track in the legal and financial services worlds when laws like the Graham Leach Bliley Act of 1999 started transforming privacy management.
Laws and regulations that grew with advances in data processing technology created a demand for specialized privacy professionals. That, in turn, created a demand for knowledge, training, certification, and a community of peers, fueling the IAPP’s growth. From the 100 members of Scanlan’s turn as chairman, the IAPP has grown steadily as lawmakers and regulators around the world recognize how important privacy is to economic growth. Privacy has evolved from a peripheral concern to a fundamental business driver.
“Privacy was no less a concern in the ‘90s when we were starting out than it is now. But the risks and challenges have become much more intense,” says IAPP President and CEO J. Trevor Hughes. “Between what current technology can do with data and the potential harm from breaches, organizations have to pay attention to privacy every minute of every day. We’ve been able to provide resources and support they need to do that. Our growth to 30,000 members is a very gratifying sign that we’ve done right by our members over the years.”
Scanlan says the IAPP grew because of its focus on the future. Hughes — whom she hired when she was board chairman — and the rest of the management team and the IAPP Board of Directors have been able to anticipate what privacy professionals need next through careful listening and attention to the legislative and regulatory environments.
“Privacy professionals constantly face new issues driven by the pace of technology and social media. These are huge drivers and they’re not going away,” she says. “When people contemplate what’s next, they’re confident the IAPP will be there to support them.”