Greetings from San Francisco!
What a whirlwind week here at the RSA Security Conference, where the EU General Data Protection Regulation is making some waves. On Monday, we hosted a half-day track on security’s role in the GDPR, and there was clearly a lot of interest in the new regulation among many in the security industry. Our room filled up, and attendees were very inquisitive about the GDPR’s obligations. As we’ve been saying for some time now, the GDPR’s effect on organizations’ privacy obligations is reminiscent of the effect Sarbanes-Oxley had on security obligations back in 2002.
Baker & McKenzie’s Lothar Determann provided folks with a succinct download of the regulation. There was so much interest among security folks that Determann stayed after the track ended to answer questions. Fieldfisher’s Mark Webber and Autodesk’s Alexandra Ross fleshed out some of the data security provisions in the GDPR, and Ross added another session on the role of the DPO.
We were not exactly sure how much interest there would be with regard to the DPO in this community, but to our pleasant surprise, there was quite a bit. Many were curious about what kind of relationship the DPO would have with information security teams.
Finally, I moderated a panel discussion on privacy technology and the GDPR with TrustArc’s Hilary Wandall, Avepoint’s Dana Simberkoff, OneTrust’s Blake Brannon and Nymity’s Teresa Troester-Falk. A big topic for us revolved around working with security teams to implement technology to help with GDPR compliance. There was some concern security teams were going to take on more responsibility because of the GDPR effect.
That was one big reason why we were there: to help advocate for the privacy office and show how helpful and needed privacy teams are when tackling complex compliance issues. These are clearly important times for the privacy profession. Being able to work hand in hand with the security team is going to make privacy professionals more valuable assets to companies as this new post-GDPR world takes effect.
I was also lucky enough to grab a ticket for the OURSA Conference at Cloudflare’s headquarters near AT&T Park. I wrote a brief article on one of the key takeaways from the day: the importance of a user-centric approach to privacy and security design. Not only does this include legal and security obligations, but it also demands a human approach to design, to consider at-risk populations, women and minorities, the elderly, children, journalists, and many others. The conference was a very productive reaction to the lack of gender diversity among RSA’s keynote speakers. As I mentioned in my Privacy Tech piece the other day, the conference itself was a signal that traditional male-biased norms need to make way for other perspectives and needs. We’re pretty lucky in the privacy profession to have quite a bit of diversity in our field. It was a good sign to see how successful the OURSA Conference was, and I hope ideas presented during Tuesday’s event will continue to bleed into the more traditional security industry.
Of course, there was a ton of U.S.-based privacy news this week, so happy reading.
Comments
If you want to comment on this post, you need to login.