Greetings from Zurich!

As I write, my colleague Wills Catling, CIPP/E, CIPP/US, CIPM, CIPT—whom many of you know—and I are visiting a number of European IAPP members and privacy stakeholders in London, Zurich and Basel this week.

We left London after having attended a very successful London KnowledgeNet social event, bringing together 60-plus members for a relaxed evening, as well as having met with a number of members in their offices over the last two days. It never ceases to amaze me the widespread recognition of a need for a clear and definitive understanding of how privacy becomes an integral business driver, both from an internal process perspective as well as with customers and partners.

One particular discussion that epitomized the multilayered privacy complex happened with Transport for London (TfL). A statutory corporation of the Greater London Authority, it oversees and delivers transport services across the capital. Amongst the more obvious transport services, it is also responsible for maintaining all of London’s roads and traffic signals, managing the London congestion charge, as well as regulating the taxi services trade. The personal data processed by TfL is staggering: 19 million Oyster Cards (transport payment cards) were used in the last 12 months, of which five million were actually registered online. The TfL master customer database contains more than eight million contact records. And that doesn’t even include data collected via TfL smart apps, as well as mobile and WiFi data. The customer and road user data provides rich analytics on travel patterns and behavior and serves to plan, design and maintain the transport network; big data analytics is increasingly a key business driver for service definition. Plus, there are the 28,000 employees who work for the TfL.

The complexity of such data operations also brings into question the level of liability and risk exposure organizations face. While meeting with a London insurance broker, it became clear that insurance protection against privacy violations is also very much in demand in Europe and the insurance market is responding and insuring for risk. The costs associated with a breach scenario can be varied, covering multiple areas of address such as legal, forensics, as well as PR response. In short, forward-looking business leaders should probably be examining their organizational liability and acting accordingly.  

The role of data protection officer is evolving well beyond the traditional legal professional sitting in a compliance role. We have been hearing this firsthand this week. Whereas legal still has a predominant relationship with data privacy, we listened to members explain how data privacy now crosses all verticals in an enterprise, becoming a market differentiator as well as a significant revenue driver. By utilizing a company’s data in the correct and legal manner, our members are adding new value to their business, as well as to the lives of their employees and clients.

That can only be a good thing for privacy professionals looking to advance their careers around the globe.