What do Terry Pratchett novels, privacy education, and curling all have in common? Constantine Karbaliotis, FiP, CIPM, CIPP/C, CIPP/E, CIPT, CIPP/US. He's the vice president of Nymity's Privacy Office Solutions and a stalwart IAPP volunteer, and he's come to this month's Volunteer Spotlight ready to share insight from both experiences.
The Privacy Advisor: What do you do, and how does it touch on privacy and security?
Karbaliotis: I am responsible for a group within Nymity that supports our clients, Privacy Office Solutions. What we do is help our clients understand Nymity solutions in the privacy office and support their function as a privacy officer. I’ve also been a privacy officer [before Nymity].
The Privacy Advisor: What got you into privacy in the first place?
Karbaliotis: I was in consulting. And the project manager came up and said, “You! You can read a statute. We need a privacy officer!” I had a legal background, although I was in consulting. I was reluctant, but I found this was an interesting combination of both law and technology.
"Many organizations think that the problem is solved by hiring a chief privacy officer. That’s really only the beginning. “Oh, we’ve got a privacy off everything is good!” That’s not how it works. Many of my calls turn into grief counseling sessions."
The Privacy Advisor: What do you love most about the privacy field?
Karbaliotis: I’ve always been interested in technology, and even from early on, when I first started practicing law, I started getting into technology. [Privacy] combines the two things I’m interested in, which is law and technology. What I do is teach, and solve problems, and analyze, consult — so the labels change, but really what I do stays the same. People tend to be drawn to those things that they like to do, and privacy has given a chance to do all those things.
The Privacy Advisor: What are the typical headaches you run into as a privacy professional?
Karbaliotis: Not so much a source of headaches for me as for my clients. Many organizations think that the problem is solved by hiring a chief privacy officer. That’s really only the beginning. “Oh, we’ve got a privacy off everything is good!” That’s not how it works. Many of my calls turn into grief counseling sessions. “Why won’t management listen to me?” The real challenge is to help clients understand how our solutions function, to help them turn around and make a business case to their own management.
We’re at a place [as an industry] to do things better. The [current attitude] isn’t scalable. I’m trying to help professionals make a business case to get automated; to better handle the responsibility that they have, and to help them get to the place to articulate to their own management to help them get the resources to function. The challenge still is to make sure they have the right resources and the right capabilities to actually face the challenge.
The Privacy Advisor: The privacy and security field is constantly changing. How do you stay sharp amidst all that flux?
Karbaliotis: Well, you have to constantly read. You have to be researching. That’s an inherent part of being in this occupation. It’s similar to being in the practice of law — you can never assume that things are going to say the same. You not only have to stay current with legal developments, but also with technology. It’s a challenge. That’s what’s great about privacy; you literally are touching everything. You can’t do business today without touching on personal information. You have to see what [organizations] are doing and be a part of it. Go to conferences and hear what people have to say. The staying-up-to date part is really in everything we have to do. I don’t think there’s a day where I’m not learning about privacy.
The Privacy Advisor: How did you first become involved with the IAPP, and how do you volunteer?
Karbaliotis: I had been doing a privacy-entrance risk assessment for a Canadian subsidiary for an American company, and one of the consultants said, “Do you do know about this thing called the IAPP?” I said no. But I sat for the first writing of the IAPP in New Orleans in 2004. I’ve been drinking the Kool-Aid ever since. I’ve been on an advisory board. I think I’ve been in the first writing of every CIPP ever since. I love teaching, so I’ve been doing some teaching of the CIPP in Canada. When I think about talking with the IAPP, I think it’s just an extension of that. At a point, you have to start sharing what you know. I think that’s about evolving of profession — contributing.
The Privacy Advisor: What would you say to encourage privacy pros to volunteer with the IAPP?
Karbaliotis: If you’re not a member, you should be if you’re in privacy. You need to stay current. That’s one of the ways that IAPP does things the best, the knowledge that comes from this group. Privacy can be isolating. It’s a relief to be among privacy people, to share experiences, problems, and to know you’re not alone. To learn. This is one of the important aspects of the profession: the idea of a community.
In terms of involvement, if you have reached a certain point in your career where you have something to offer, it’s incumbent on you to share it. You want to encourage and teach people. The other side is professional development. That’s what FiP [Fellow of Information Privacy] is. [A recognition] that you’ve not only been through the ringer, but also that you’ve contributed. Not just that you’ve got the battle scars, but that, "I’ve made a positive contribution."
The Privacy Advisor: What could the privacy community as a whole be doing better?
Karbaliotis: Well, I think we could be talking more about the ethics about being a privacy officer. Because you know, it’s very easy to hang out your shingles and say, “I do privacy.” I think this is why the IAPP certifications are very important — we need to know that you have the basic level of understanding. They really ensure the organizations who are hiring privacy people are confident that they [know their stuff].
Also, how we conduct ourselves, ensuring that we do keep up-to-date. I think that’s an ethical commitment, as well as one to yourself, so that you’re offering the right information. While privacy is often on the front page of the newspaper, it’s often a surprise to people that there’s a profession. We could do more to communication to the public that there is a group of people behind the curtain.
The Privacy Advisor: What do you enjoy doing when you’re not working?
Karbaliotis: Well, let’s see. I’m Canadian, so I curl. So there’s that, activity-wise. I read. I’m a big science-fiction aficionado. That helped me in my love of privacy and technology, and thinking about the social implications of things. That’s what most good science fiction is about.
The Privacy Advisor: What's the last book you read?
Karbaliotis: “The Long Earth” by Terry Pratchett & Steven Baxter, from “The Long Earth” series. It’s really about parallel worlds that we find the way to slip into. It’s a great book by a great writer. And the one I'm looking for next is the "Dresden Files." It’s more of a fantasy series, magic in the real world.
If you want to comment on this post, you need to login.