IAPP-GDPR Web Banners-300x250-FINAL
Designing Privacy EVERYWHERE: Whirlwind Excursions Discussing Privacy Integration

From Maryland to Ireland, Slovakia to Florida, privacy professionals and their industry colleagues are working on integrating Privacy by Design into business models and functionality. This ambition became evident to me when I spoke at five conferences in three countries on how to most effectively integrate privacy into the core functionality of business operations. This global trend should make the folks at the IAPP happy! Here’s a glimpse of my whirlwind tour:

April 15, National Harbor, Maryland, The National Association of Attorneys General’s Presidential Initiative Summit on Privacy
After a keynote address byWall Street Journal journalist Julia Angwin, Vermont Attorney General William Sorrell led a panel on Cybersecurity: Protecting Government, Financial and Critical Infrastructure with Bill Nelson, president and CEO of FS-ISAC, Bill Dennings, chief information security officer at Mastercard and myself. Despite being the only participant not named Bill, it was a great panel that included pertinent insights into how private companies and information-sharing and analysis centers address ever-evolving cybersecurity threats. I discussed how privacy and cybersecurity must be integrated in order to be effective; interestingly, the panel concurred, detailing how privacy and data minimization was implemented in their information-sharing procedures.

It was palpable how much the Attorneys General were craving information on cybersecurity and privacy—and seeking information about how they could join the privacy policy discussions currently raging.

April 18, Dublin, Ireland
I had been invited to speak at a conference hosted by Techlaw Group. My panel tussled with the issues of privacy and information sharing within a hypothetical multi-national healthcare organization. Members of the panel were from Canada, France, Israel and the U.S. in addition to good friend Billy Hawkes, Ireland’s data protection commissioner. Two takeaways from this session:

1) technology lawyers really understand that privacy needs to be integrated into technological improvements and approaches, and;

2) really smart lawyers in every country strive to implement privacy by design whenever possible.

April 18-20, Bratislava, Slovakia
After two short flights, I attended the Globsec 2013 Conference. The topic for the panel was Securing the Homeland. Other participants on this important panel were Baroness Pauline Neville-Jones, UK special government representative to business for cybersecurity, and Judy Dempsey, non-resident senior resident Carnegie Europe and longtime international journalist. Needless to say, I had the worst accent and least experience among the three of us! Discussion between the panel and audience was nonstop, covering a wide range of national and cybersecurity issues, which was particularly timely since Dzokhar Tzarnaev had been captured less than six hours earlier. With that said, almost every audience question touched on some aspect of integrating privacy and security and ensuring it’s considered at every stage of information life cycle.

April 24, Palm Beach Gardens, Florida
I then headed south to sunny Florida to join Epsilon at its annual Symposium, together with David Vladeck of Georgetown Law, former director of the FTC’s Bureau of Consumer Protection. A lively crowd asked a wide range of practical questions on COPPA implementation, mobile device privacy and third-party accountability. In fact, this was the first time privacy had appeared on the main stage at an Epsilon Symposium—another sign that the times they are a’changin!

April 25, Washington, DC
I ended this spate of speeches in a similar fashion as I started it—talking about how important it is to integrate privacy and cybersecurity. In fact, in several ways, this presentation was the most important. This time, instead of talking to state officials, I testified before the U.S. Congress at a hearing titled Striking the Right Balance: Protecting Our Nation's Critical Intrastructure from Cyber Attack and Ensuring Privacy and Civil Liberties before the House Homeland Security Subcommittee on Cybersecurity, Critical Infrastructure and Security Technologies. Given that this was my third time testifying in front of Chairman Patrick Meehan (R-PA)—although my first since I left DHS—I was hoping for a commemorative mug or at least a baseball cap for my testimonial hat trick. I settled instead for a very lively and well-informed conversation on privacy and cybersecurity and how important it is to make sure these elements are integrated.

During the hearing, I emphasized—as I did throughout my three-and-a-half years at DHS—the continued integration of privacy and cybersecurity is crucial for effective cybersecurity protections. In fact, this was the first hearing on privacy and cybersecurity on Capitol Hill after almost three years of debate. Therefore, it was important to describe how to integrate privacy and cybersecurity—and why integrating privacy into the operational aspects of activities like cybersecurity monitoring makes the program both more effective and more likely to protect privacy.

After a tumultuous two weeks of weighing the Privacy-by-Design implications within cybersecurity, health care, marketing and national security, I realized that this wholesale adoption of the importance of Privacy by Design demonstrates this issue of privacy is both international and universal. I was heartened by that conclusion and envision a strong future for privacy professionals worldwide.

photo credit: mbshane via photopin cc

Written By

Mary Ellen Callahan, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»