IAPP-GDPR Web Banners-300x250-FINAL

By Sam Pfeifle
Publications Director

Leslie Harris, who has headed the Center for Democracy & Technology (CDT) since 2005, announced this month that she will resign from her post in March of 2014, just as the CDT celebrates its 20th anniversary. In a conversation with The Privacy Advisor, Harris made it clear that she is not retiring but rather “right-sizing,” and she is hardly done with her work in the privacy arena.

Nor is she done with her work at the CDT. She has a number of goals for the upcoming nine months, not the least of which is finding a replacement. The CDT’s board has created a search committee, led by Chair Deirdre Mulligan and including Bill Bernstein, Danny Weitzner and Harris, and they’ve selected Russell Reynolds to assist in the search for a new president.

As for Harris personally, she said she’s looking for “someone with the capacity to globalize CDT…someone who understands the space and the issues.” Of course, an ability to raise money is important, too, but also “an ability to retain the culture,” Harris said. “I lead a band of equals, and that’s part of our strength. It needs to be someone who understands that this organization is not about them.”

Further, the job gets harder every day.

“When I came in,” Harris said, “privacy was on the agenda…but the issues were much more straightforward. The storage revolution, the addition of Big Data analytics and the growing appetite for access to data held by the private sector, the increasing flow of data through the cloud—all of that has taken privacy from small discussions to key global debates in the course of my tenure here. And I don’t know that we’ve made the progress I’d have liked.”

While the organization has grown from nine people focused on Washington, DC, to nearly 30 focused on the world at large, there still is not, for example, a baseline consumer privacy bill in the United States. There still has not been ECPA reform.

The progress the Federal Trade Commission has made in understanding privacy is gratifying, Harris said, but she’s disappointed by the lack of progress made otherwise in both the U.S. legislature and with the EU regulation reform. She’s encouraged by the Obama administration’s proposed Consumer Privacy Bill of Rights, saying “it’s a good model and takes into account innovation over time,” but the lack of movement in the legislature doesn’t leave her hopeful.

With that said, however, Harris does see the new Texas e-mail bill, the new bills in Montana and Maine require warrants for cellphone location tracking and the various social media access bills as steps in the right direction, legislatively.

One of the biggest problems, she feels, is that “the appetite for data is increasing far faster than the consumer can understand or even knowledgeable advocates like the CDT can keep up with. What was a fairly level and understandable conversation about who had your data and what obligations they had now extends to an enormous universe of players, many of whom a consumer has no idea that they have their data, and it’s such a complex environment that I worry that anybody, let alone lawmakers, will be able to unpack it in a way that’s useful rather than harmful.”

And there enters the chief privacy officer.

“Good privacy officers don’t view their role as just compliance,” she said. “It seems to me that an officer has an obligation to go quite far to explain the collection and uses of data to consumers in ways that are understandable and give them real and meaningful choices about that information. I think a privacy officer needs to be challenging the decisions of the company, not just saying, ‘If you’re doing this program, here’s the safeguards you put around it.’ I think they should be asking the question of whether they should be doing this program at all.”

Further, she believes the chief privacy officer (CPO) has new demands in consideration of the recent NSA revelations. Maybe a program of data collection would be good for the business, but if it opens up the possibility of vast government collection of that data, Harris feels privacy officers have an obligation to protect customers from that potential government intervention.

“Maybe six or seven years ago,” Harris said, “I remember raising the point that it was harder and harder to think about the consumer privacy questions without understanding the government privacy questions, and people were not happy with that. They wanted to bifurcate those two questions and not allow that to taint their nicely designed programs for legitimate purposes. But I don’t think you can continue to do that. Data collected by private companies is the principal fuel for our growing government surveillance programs…CPOs need to be thinking bigger than the accountability questions that good privacy officers ask now.”

Which is not to say Harris believes companies are shirking their duties to protect consumer privacy. She points to private industry’s support of ECPA reform and those who’ve joined the Digital Due Process Coalition as good corporate actors.

“But the most compelling example right now,” she said, “is the companies that have been pushing back on the national security demands: Yahoo's challenge to the statute at the FISA court, Microsoft and Google's challenge to the gag on the basis of their First Amendment rights. Companies do have obligations under human rights law. It is not the same as government responsibility, but there is a ‘duty to respect.’ Resisting and challenging overbroad government demands is certainly part of that obligation.”

Read More By Sam Pfeifle:
First PCLOB Meeting’s Ideas for USA PATRIOT Act; FISA Improvements May Affect Interaction with Private Industry
The Future of Data Dealer Is in the Balance
How UI and UX can KO privacy
IAPP Members in the News PRIVACY IN POPULAR CULTURE: This NSA PRISM Story Isn’t Funny … Except When It Is


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»