What do you get when you gather privacy pros from across the globe together to share insights, discuss issues and ask and answer questions via the speed of e-mail? The IAPP Privacy List. Since its inception last March, the Privacy List has been home to an ever-growing conversation, with topics varying from week to week and month to month depending on what individual privacy professionals are addressing in their professions or, at times, the international headlines that bring privacy issues into the public domain.


During the month of January, the Privacy List has been the place to go for practical, hands-on knowledge delivered from pro to pro.


In the first three weeks of January alone, one pro reached out to the members on the list seeking input from those with advice on e-discovery policies and procedures; others have asked for assistance with finding privacy-specific career leads, and one more list member sought input from peers on finding quality search/auditing tools to improve efficiency when addressing FOI access requests and audits.


A typical question to the list, for example, begins with a pro’s explanation, “I’m working on upgrading the presentation of our Terms of Service (TOS) along with our Privacy Policy on our Web site. I’m looking for good examples on how to best present the TOS,” including examples of formats that would indicate the user actually explored the terms.


Another pro reached out to the list asking for specific insights from members who develop or service electronic medical record (EMR) software with a question about executing a business associate agreement.


Many posts on the list are visible to all list members, and individuals can also respond directly to the original poster, though many members request public responses because they may be addressing similar topics within their own companies and organizations.


There are also informative postings, including a
pointing users to a link compiling some of the privacy lawsuits filed and decisions handed down in 2010.


In some months, news about major breaches, new privacy legislation in various states and nations or headline-making controversies has shaped the dialogue. This month’s practical focus has been a back-and-forth on issues that many privacy pros in a range of fields must tackle, including those that often make data breach news.


For example, one recent posting asks for input on one of the struggles of the mobile workplace age.


“An employee who has been issued a work computer impermissibly uses a personal computer to store confidential employment-related data,” the post reads. “In order to appropriately mitigate any disclosure or potential disclosure of the confidential data, the employer, as owner of the confidential information, needs to ensure the confidential data is retrieved and the employee’s personal computer is wiped clean of the confidential information. How can the issues of the employee’s private rights to not have his/her computer seized be reconciled with the employer’s need to retrieve the confidential data and remove all traces of the confidential data from the employee’s computer? Does any legal authority exist permitting the employer to seize the employee’s personal computer for purposes of retrieving and cleaning the computer of all confidential work-related information?”