Any editor at any given publication will tell you having too much content is a really good problem to have. The Privacy Advisor saw more content and contributors in 2014 than it has in any year prior. That’s thanks at least in part to the fallout from the Summer of Snowden in 2013, Europe’s impending data protection regulation and mainstream media headlines announcing a steady stream of reputation-crushing breaches at household-name companies like Target, Home Depot and Sony.
Below is a recap of the top 10 of 2014. Check out the stories that resonated most with your peers.
If there’s any lesson we’ve learned here at the IAPP about the kind of content our readers want, it’s that you're looking for news you can use. Perhaps that’s why our piece on how to effectively evaluate the data that privacy pros collect did so well. It summarized Microsoft Senior Privacy and Safety Strategist Tracy Ann Kosa’s suggestions for attendees at the IAPP Canada Privacy Symposium on how to provide evidence of data privacy compliance, data-driven decision-making and the overall impact of the privacy program. “If you’re a big company with tons of resources, you probably have a risk process in place,” Kosa said. “If you’re a privacy officer in a smaller company, you are the risk process.”
Given cases like Wyndham, then, it’s no wonder readers were interested in a piece by IAPP Westin Fellow Patricia Bailin, CIPP/US, exploring how to stay out of trouble with the FTC. As part of the FTC Privacy Casebook project, the IAPP’s Westin Research Center is exploring FTC privacy and data security consent decrees to try to parse out what an acceptable level of privacy and data security could be to help privacy pros make good decisions within their organizations. Looking at FTC consent decrees, Bailin suggests possible guidelines for complying with FTC privacy and data security standards based on what the FTC has determined inadequate. In other words, by pointing out what companies did not have in their programs, the FTC provides a peek at what, in its opinion, these companies should have done. Read it if you missed it. Stay out of trouble.
On the other side of the pond, there’s a debate going on as the EU works to revise its data protection regulation. You may have heard that’s something they’re trying to do? John Bowman of Promontory Financial Group has been keeping readers up to speed on the developments from Brussels, including the momentous occasion in November when it became clear the regulation will be finalized in 2015. On December 5, the proposed reg advanced one step further.
While the regulation will mean sweeping changes for European data protection and privacy, so will a new commission. In September, IAPP Publications Director Sam Pfeifle looked at what the Financial Times called “one of the biggest overhauls of the EU executive in more than a decade.” The changes included two “high vice presidents,” five vice presidents and 20 commissioners, rather than the old format of 27 commissioners. Pfeifle noted those in the privacy world will want to pay particular attention to the “Digital Single Market” project team, headed by VP Andrus Ansip, who will oversee the conclusion of negotiations on Europe’s data protection reform as well as the review of the EU-U.S. Safe Harbor.
Speaking of Safe Harbor, readers continue to be interested in the ongoing negotiations between the European Commission and the U.S. Department of Commerce, which oversees Safe Harbor. Perhaps that’s why there were so many clicks on our recent report out of Brussels on the live conversation between Article 29 Working Party Chairwoman Isabelle Falque-Pierrotin and the U.S. Federal Trade Commission’s Julie Brill. The chat was relatively benign until Safe Harbor became the focus. Then, Falque-Pierrotin got serious. “DPAs are expecting real answers. We will be very vigilant,” she said of watching to see that the U.S. makes good on its commitment to work on the European Commission’s 13 recommendations on how to make Safe Harbor safe from extinction.
Staying out of trouble can be difficult when more than one organization is involved. When third-party vendors get involved, things can get messy. Recognizing a need for education on this, K Royal, CIPP/US, CIPP/E, of Align Technologies, has been hard at work writing an eight-part series on the elements necessary for a successful vendor-management program. You can find all of the ongoing series, thus far, at the IAPP Resource Center.
Besides practical advice like that given by Royal in her series on vendor management, we’ve learned here at the IAPP Publications Team that privacy pros like learning about each other: what each other’s daily tasks are, who reports to whom, what the greatest risks faced might be, maybe even who’s hiring. Our story on PwC’s recent recruitment of more than a dozen high-profile privacy pros had a lot of eyeballs on it.
Finally, tactical advice on how to get the job done is always highly sought. As Safe Harbor continues to get negative press and as companies become more complex and global, binding corporate rules (BCRs) are increasingly an attractive alternative for transferring personal data globally. Hewlett-Packard recently became the first company to be approved under both the BCR and Cross-Border Privacy Rules frameworks. HP executives talk about the processes involved and what companies considering seeking approval under either system should expect.