I'm writing this week's intro to the notes from Portsmouth, New Hampshire, which is where you will find IAPP headquarters.
I attended the IAPP's annual leadership retreat, bringing together many board members, along with a good handful of privacy thinkers and doers, to talk through some of the great challenges and issues facing our profession.
The overarching theme of these discussions: Digital entropy. This concept captures the state of uncertainty, disorder and, at times, even chaos privacy practitioners face as a result of digital innovation and growing regulation.
It's clear chief privacy officers are increasingly expanding their roles to take on digital governance. Most retreat attendees said they have an "and" after their CPO title. What follows the "and" tends to be "ethics officer," "compliance officer" or "artificial intelligence governance." One CPO cheekily said their title was "CPO and fries."
Clearly, the more recent advancements in technology — mostly AI — are forcing our profession to adapt and evolve, and take on more responsibility.
Broader discussions on AI at the retreat included an interesting look at the definition of AI that spoke further to entropy.
Depending on who you are, the definition is different. AI to our customers is artificial intelligence, to our regulators it is machine learning, and internally to coders and engineers it is algorithms or data. The point made was that a common vocabulary is urgently needed amongst the different types of people working in this field.
Apart from just organizing our vocabulary or nomenclature to get through some of the entropy, the presenters also often spoke about how better communication skills — both internal and external — are needed, at all levels.
The "CPOs, etc." of today need to quickly to become the office of "how" and no longer the office of "no." But let’s recognize that this will take time, effort and creativity.
The way the regulators regulate needs to evolve as well, requiring much more collaboration among regulators and across sectors.
Privacy Commissioner of Canada Philippe Dufresne spoke on a retreat panel that highlighted some of the domestic and international cooperation by his office right now. Dufresne predicted that this type of work is only going to grow in volume and intensity in the coming years. He also spoke about how regulators need to use a combination of incentives and punishments to encourage good outcomes.
Another clear retreat theme was the need for more people doing this important work.
To this end, while it is always nice to see old friends and familiar faces, it was also encouraging to see some new and brilliant people participating at this event. It was similar to what we saw at our IAPP Canada Privacy Symposium 2024 a few weeks ago when nearly half of the 1,100 attendees were first-time participants.
This profession is growing quickly. It is becoming more complex — resulting in a degree of entropy — and we need many more people to pick up the task of bringing a semblance of order to some of the chaos.
The networking aspects of the retreat were also awesome and, as usual, the IAPP staff put on an extremely professional, entertaining and educational two days in a wonderful setting. Plus, we had lobster.
I'll let you go so you can start enjoying your weekend, but first, let me share an analogy I heard about AI which may resonate with some of you.
In one of our breakout sessions, one participant suggested AI is analogous to a new puppy. When you have a new puppy, everyone wants to play with it, cuddle it, teach it tricks etc.
But, puppies grow — they live for years. Someone has to be responsible for that puppy. They need to be accountable for how that puppy behaves and make sure it doesn't hurt anyone. They need the budget to keep it healthy, fed and safe.
Great stuff that made me think about privacy and AI, but it also made me miss my puppy, which I'm so looking forward to seeing when I get back to Ottawa.
Kris Klein, CIPP/C, CIPM, FIP, is the managing director for Canada at the IAPP.