BreachExchange mailing list archives
5 reasons you need to hire a Chief Privacy Officer
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 1 Feb 2016 18:23:10 -0700
http://www.cio.com/article/3027929/leadership-management/5-reasons-you-need-to-hire-a-chief-privacy-officer.html As data becomes a fundamental part of operations in nearly every industry, businesses are finding that privacy measures are becoming equally as important. Unfortunately, research suggests that businesses don't understand how vital privacy practices are and treat it an afterthought. A study by cloud-based data protection provider Druva on the "State of Data Privacy in 2015" asked 214 people worldwide at companies with 100 to 5,000 employees how they are tackling data privacy. Of those surveyed, 81 percent reported their business had government privacy compliance and regulation requirements to meet. However, 93 percent of companies reported that they found it difficult to ensure data privacy and 71 percent reported challenges with keeping up with regulations and compliance around privacy. That's why many companies are considering hiring a chief privacy officer (CPO) to help shape the future of security in the enterprise. Deema Freji, global privacy officer of security services provider Intralink, stresses the importance of C-suite executives investing in a CPO in 2016. She says companies that don't take hiring a CPO seriously stand to lose their "reputation and a lot of money if they're fined and exposed." Here are five reasons, according to Freji, why you should seriously consider hiring a CPO in the coming year. 1. Changing business landscape The rate at which data has become important to companies is growing as quickly as technology is changing. Businesses are starting to realize how data can revolutionize the way they operate. Unfortunately, with the good comes the bad; and the bad with data is protecting and securing sensitive information. And it's not as easy as just hoping IT will take care of ensuring data is protected, according to Freji. Businesses need to invest in privacy regulations, especially as new rules and regulations arise. For most companies, that means hiring someone who knows the ins and outs of data privacy -- like a CPO. "The data privacy landscape is drastically changing in the next few years," says Freji, "This means that companies will need dedicated resources to work their way through pending regulations, which will be complex to say the least." 2. Europe's General Data Protection Regulation In the coming year, Europe will have a big impact on the way businesses all around the world need to evaluate privacy. Freji points to a new initiative called the General Data Protection Regulation (GDPR) out of Europe, which is implementing regulations that will impact any company operating in Europe. It's aimed at giving citizens more control over their personal data by implementing regulations for the way businesses handle private data. Failure to meet these new requirements means businesses "could be fined up to 4 percent of annual global revenue if there are any serious data breaches," says Freji, "which is a serious hit to take if it can be avoided." 3. Mandated CPO On the heels of Europe's GDPR comes another reason to hire a CPO. You might be legally required to have one. Part of the regulations include mandating that companies have a CPO, so if you do business in Europe, you may be on the hook to hire one of these professionals. "It's best to prepare now, as things are finalized and implemented across two years, instead of playing catch up. By then, it will be too late," says Freji. 4. Rising number of high-profile breaches It's been hard to miss the number of high-profile data breaches over the last couple years. Companies from Sony to Target to Home Depot have faced PR nightmares thanks to data breaches. Although much of the enterprise world hinges on technology, there is still a lot of room for human error behind each computer screen. That's why, according to Freji, it's vital that companies hire a CPO to implement a strong and successful security strategy to help ensure business and customer data stays safe and secure. "A CPO helps develop strategies to support how personally identifiable information is protected from these types of incidents, and can fully brief the c-suite on the issues -- both technical and business -- which could arise from a breach," she says. 4. Avoid a PR nightmare Having a proactive strategy in place to protect against a security breach isn't only smart to protect data, but also your brand reputation. Freji points out that data breaches are national news these days, and one bad data breach can mean a world of hurt when it comes to damaging your company's reputation. Since CEO's can't have their eye on everything, and CIOs are busy enough with IT, a CPO is the next logical step to help prevent a PR nightmare before it happens. Worst-case scenario, a CPO can at least work to diminish the effects of an attack and create a strategy to avoid future problems.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which vendors to trust. Contact us today for a demo.
Current thread:
- 5 reasons you need to hire a Chief Privacy Officer Audrey McNeil (Feb 04)