BreachExchange mailing list archives

5 reasons you need to hire a Chief Privacy Officer


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 1 Feb 2016 18:23:10 -0700

http://www.cio.com/article/3027929/leadership-management/5-reasons-you-need-to-hire-a-chief-privacy-officer.html

As data becomes a fundamental part of operations in nearly every industry,
businesses are finding that privacy measures are becoming equally as
important. Unfortunately, research suggests that businesses don't
understand how vital privacy practices are and treat it as an afterthought.

A study by cloud-based data protection provider Druva on the "State of Data
Privacy in 2015" asked 214 people worldwide at companies with 100 to 5,000
employees how they are tackling data privacy. Of those surveyed, 81 percent
reported their business had government privacy compliance and regulation
requirements to meet. However, 93 percent of companies reported that they
found it difficult to ensure data privacy and 71 percent reported
challenges with keeping up with regulations and compliance around privacy.

That's why many companies are considering hiring a chief privacy officer
(CPO) to help shape the future of security in the enterprise. Deema Freji,
global privacy officer of security services provider Intralink, stresses
the importance of C-suite executives investing in a CPO in 2016. She says
companies that don't take hiring a CPO seriously stand to lose their
"reputation and a lot of money if they're fined and exposed." Here are five
reasons, according to Freji, why you should seriously consider hiring a CPO
in the coming year.

1. Changing business landscape

The rate at which data has become important to companies is growing as
quickly as technology is changing. Businesses are starting to realize how
data can revolutionize the way they operate. Unfortunately, with the good
comes the bad; and the bad with data is protecting and securing sensitive
information. And it's not as easy as just hoping IT will take care of
ensuring data is protected, according to Freji. Businesses need to invest
in privacy regulations, especially as new rules and regulations arise. For
most companies, that means hiring someone who knows the ins and outs of
data privacy -- like a CPO.

"The data privacy landscape is drastically changing in the next few years,"
says Freji. "This means that companies will need dedicated resources to
work their way through pending regulations, which will be complex to say
the least."

2. Europe's General Data Protection Regulation

In the coming year, Europe will have a big impact on the way businesses all
around the world need to evaluate privacy. Freji points to a new initiative
called the General Data Protection Regulation (GDPR) out of Europe, which
is implementing regulations that will impact any company operating in
Europe. It's aimed at giving citizens more control over their personal data
by implementing regulations for the way businesses handle private data.

Failure to meet these new requirements means businesses "could be fined up
to 4 percent of annual global revenue if there are any serious data
breaches," says Freji, "which is a serious hit to take if it can be
avoided."

3. Mandated CPO

On the heels of Europe's GDPR comes another reason to hire a CPO. You might
be legally required to have one. Part of the regulations include mandating
that companies have a CPO, so if you do business in Europe, you may be on
the hook to hire one of these professionals. "It's best to prepare now, as
things are finalized and implemented across two years, instead of playing
catch up. By then, it will be too late," says Freji.

4. Rising number of high-profile breaches

It's been hard to miss the number of high-profile data breaches over the
last couple years. Companies from Sony to Target to Home Depot have faced
PR nightmares thanks to data breaches. Although much of the enterprise
world hinges on technology, there is still a lot of room for human error
behind each computer screen. That's why, according to Freji, it's vital
that companies hire a CPO to implement a strong and successful security
strategy to help ensure business and customer data stays safe and secure.

"A CPO helps develop strategies to support how personally identifiable
information is protected from these types of incidents, and can fully brief
the c-suite on the issues -- both technical and business -- which could
arise from a breach," she says.

5. Avoid a PR nightmare

Having a proactive strategy in place to protect against a security breach
isn't only smart to protect data, but also your brand reputation. Freji
points out that data breaches are national news these days, and one bad
data breach can mean a world of hurt when it comes to damaging your
company's reputation. Since CEOs can't have their eye on everything, and
CIOs are busy enough with IT, a CPO is the next logical step to help
prevent a PR nightmare before it happens. Worst-case scenario, a CPO can at
least work to diminish the effects of an attack and create a strategy to
avoid future problems.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
