With privacy and data protection taking the helm of headline news with increasing regularity, it has become much easier for privacy pros to explain what exactly their job entails. As more turn to a career in privacy, others have chosen to distinguish themselves from crowd. One example of late: PwC Canada. To prove a privacy commitment to its staff and clients, the firm made the decision to roll out IAPP training to staff, and eventually, has plans to introduce training to clients.
Director of PwC's Cybersecurity, Privacy, Assurance, Constantine Karbaliotis, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, explained that making a commitment to privacy is all the more essential now. He said, “Privacy has come into its own and businesses are paying attention. There are plenty of people who can say ‘I do privacy,’ but what does that mean?” To set the firm apart, PwC introduced IAPP certification training to its employees, starting with the CIPP/C and CIPM.
Karbaliotis said, "We are trying to tailor it to where our employees are going to get the best value, given their what their roles are within the organization and the groups they belong to." While the CIPP/C was important for the core privacy team to demonstrate an understanding of the legal requirements of Canadian privacy law, he noted that because of its program management component, CIPM certification training was of great interest to staff. Looking forward, he expects CIPP/US, CIPP/A and CIPT to make an appearance in future iterations of the training.
“One of our mantras within PwC is ‘building trust.’ This presents a key opportunity – learning and formalizing one's understanding of privacy together. Many times, people have been working in this area for some time, but they haven’t been given the formal methodology,” he said. Beginning with the core privacy team and expanding to the broader cybersecurity practice and beyond, Karbaliotis said the expectation is that by delivering IAPP training, it will help reinforce a deep privacy culture and awareness across the firm.
Karbaliotis said that while a certification doesn’t create a privacy professional, it formalizes what people have often done in their career and sends an important message of a commitment to privacy. He added, “When you invest in your employees, I think that sends a very important message about their value to the organization. It shows that you want to see them continue to learn and advance, and to remain relevant. It’s critical from that perspective. When you give that formal methodology, that understanding around the things they are already doing, it makes them better at their job and, I think, it makes them enjoy it more.”
Maria Koslunova, CIPP/C, CIPP/US, CIPM, FIP, manager of PwC's Cybersecurity & Privacy practice said, “As we communicate with our clients, one of the challenges we see in the market is that there are siloed operations across organizations. We want to make sure we practice what we preach and ensure that our staff is capable of understanding privacy considerations and integrating them into response solutions.” She added that the firm sees this not only as an opportunity to educate employees, but as a way to create an educated consumer base. Koslunova said the PwC will be in a greater position to be seen as privacy thought leaders and educators in the privacy space, particularly with client training expected to come later.
Now that the firm has two trainings under their belt, and more anticipated for the spring, both said the initiative has been very well received. Noting an increased demand for certifications in the field, Koslunova said, “The IAPP is such a distinguisher within the market, having the certifications certainly helps to differentiate ourselves. It's immediately recognizable." With trainings led by Karbaliotis and Koslunova, the pair admit one of the greatest challenges so far comes down to finding meeting space to host 20 to 30 people for the training session.
"We're seeing lots of positives come out of this. Employees are better able to recognize opportunities where the core privacy team should be brought in and can design with privacy in mind. You have to lead by example, we have to show clients that this is the way to go. We're making a commitment to privacy and data protection, not only to the market but to our employees," said Karbaliotis.