close
News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Tracker Privacy Tracker

Alerts and legal analysis of legislative trends

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview Communities Networking Volunteer Privacy After Hours Privacy List Membership Directory Career Central
IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.
Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

 Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.
Privacy Training Classes Privacy Core Awareness GDPR Training Sample Questions Books Web Conferences Faculty Resource Center Train Your Staff Conferences
Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

 Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

 Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

 Privacy Core® library delivers 30+ units

Train your entire global workforce with comprehensive, customizable online training available in a number of languages.

 Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

 Training Product Updates—Get Them Here!

Training online? See the latest updates to our online training programs and our newest textbooks.

 Let’s Get You GDPR Ready Let’s Get You GDPR Ready

May 25 was not the end—it’s just the beginning. We have all the resources you need to meet the challenges of the GDPR.

New! - The Privacy Imperative

View this three-video series featuring global privacy leaders as they discuss the importance of creating a culture of privacy
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 CIPP/E + CIPM = GDPR Ready CIPP/E + CIPM = GDPR Ready

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.
Tools Research Glossary DPAs FTC Casebook Enforcement Database IAPP Westin Research Center Jobs Vendors
GDPR Genius

This interactive tool provides IAPP members access to critical GDPR resources — all in one location.
Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.
Data Protection and Brexit

Looking for the latest on data protection post-Brexit? IAPP members can get up-to-date information right here.
Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.
Are You Complying with the GDPR?

The IAPP's EU GDPR page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
The 2018 Privacy Tech Vendor Report

We've updated the Privacy Tech Vendor Report highlighting companies offering privacy technology solutions and insight on market trends from industry leaders.
IAPP Asia Privacy Forum IAPP Asia Privacy Forum

World-class discussion and education on the top privacy issues in Asia Pacific and around the globe.

IAPP Data Protection Intensive: Deutschland IAPP Data Protection Intensive: Deutschland

Join data protection professionals from across Europe for two days of concentrated learning, sharing, and networking in Munich.

 IAPP Privacy. Security. Risk. (P.S.R.) IAPP Privacy. Security. Risk. (P.S.R.)

P.S.R. offers the best of the best in privacy and security, with innovative cross-education and stellar networking.

 IAPP Europe Data Protection Congress IAPP Europe Data Protection Congress

The hub of European privacy policy debate, thought leadership and strategic thinking with data protection professionals.

 IAPP Data Protection Intensive: UK IAPP Data Protection Intensive: UK

Practical solutions for data protection challenges with a strong emphasis on UK issues. Registration opens in the fall.

 IAPP Global Privacy Summit IAPP Global Privacy Summit

The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can't-miss event.

 IAPP Canada Privacy Symposium IAPP Canada Privacy Symposium

Registration for the Toronto event is open. Check out the program and reserve your spot today.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Mark Your Calendar

Future conference dates? We've got them! Get updates here.

 Speak at an IAPP Event

View our open calls and submission instructions.
Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

 ANZ Members

Review current member benefits available to Australia and New Zealand members
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | IBM appoints Italy-based Cabella as CPO Related reading: FDA, IBM to team up for blockchain in health care study

rss_feed

""

""

""

Global technology company IBM recently named Cristina Cabella as its chief privacy officer, taking over for Christina Peters, who is moving on to other data-related responsibilities, including data ethics, within IBM Legal. But Cabella isn't new to the company; in fact, she joined in 1999. The majority of her career has been spent in the company's European legal branch, and she got her start as European data privacy officer back in 2005. 

At first blush, IBM's appointment of Cabella as its CPO isn't so newsworthy. She's a logical choice for the position, with a strong background in both European law and IBM itself. But what's interesting, and perhaps indicative of a coming trend given the EU's pending General Data Protection Regulation, is that IBM is a company headquartered in the United States with an EU-based CPO. 

"It's quite unusual for an American company to have a European in that role," Cabella recognizes. But she said it's strategic. There's a lot of mistrust regarding American companies' data privacy practices these days. 

"It's a recognition of the importance for IBM to be really representing a global company," she said. "In Europe, it is very much the perception that American companies are belonging to different systems and different privacy regimes. In Europe, we are respective of the laws in Europe ... and we want to develop trust in IBM as a company that is present in Europe and wants to do business in Europe as elsewhere. It's a message of recognizing the importance of understanding European data privacy protection's background and understanding that global law needs to be part of the company." 

Cabella said she's serving a truly global role, responsible for data privacy in all IBM's geographies, which includes Latin America, Asia, and the Middle East, in addition to the U.S. and EU. But she said IBM's decision to name her CPO integrates "a single IBM vision," and indicates IBM's sensitivity to data privacy perceptions in European culture. 

"I think having a European background is helping me because, of course, Europe is considered to be one of the most advanced and respected regimes," she said. "So having that background in mind, I think, is helping to drive the company and to ensure that company-wise, geography-wise, we are aligned to a harmonized profile." 

Cabella's time, like most privacy pros of late, is occupied mainly by preparing IBM for the GDPR. She said she spends about 80 percent of her time on GDPR-related projects. She's managing data privacy lawyers both in the U.S. and EU and a number of her team members are covering developments in Latin America and Africa. She's also managing business lines in health data, as well as team members who are focused on certain business models as they relate to particularly sensitive data. 

Cabella said success as to this point has come from a varied background at IBM, which enabled her to have a deep understanding of how the business really works. She said that's going to be increasingly critical as companies establish data protection officers under the GDPR. 

"I think I represent the logic of a data privacy expert that is really understanding the company," she said, adding that she's able to really contribute to GDPR principles like privacy by design because she has a strong understanding of how IBM's systems work. 

DPOs will really "need to have a good understanding of the processes and how the company is organized," she said. "Being purely an expert without having that understanding and knowledge, in today's world, in the complexity generated by the GDPR, the challenges would be extremely difficult." 

Asked whether Cabella will serve not only as CPO but also as, officially, the company's DPO under the GDPR, Cabella said she's not in a position to answer that at this time, as the company is still developing its strategy there. 

In the end, Cabella sees herself, and her homebase in Europe, as revelatory in regards to the global nature of commerce today and the privacy concerns that have proliferated alongside its growth. 

"I view my role is really in a sense to bridge between what maybe years ago could have been perceived as two worlds," she said. "Our idea is for IBM to be a single world in the protection of customers' data." 

photo credit: Anomalily Day 214: World in my Hands via photopin (license)

Author
Angelique Carson, CIPP/US Angelique Carson, CIPP/US
Tags
Privacy Business
Privacy Community
Privacy Law
Privacy Operations Management
Comments

If you want to comment on this post, you need to login.

Related Stories
What does the GDPR require of DPOs?
Based on surveying data protection officer job postings, companies are trying to fill DPO positions with junior associates with only a few years of experience. Many are treating the DPO as merely an IT role with no legal experience, or as a compliance role with no real IT experience. But what does t...
Read More queue Save This

""

Related Stories
Tags
Privacy Business
Privacy Community
Privacy Law
Privacy Operations Management
Recent Comments