Biggest Security & Privacy Topics of 2011

"We're Still Learning How to Do Data Security Right"

By , January 25, 2011.

When it comes to sizing up the privacy agenda for 2011, there's no bigger topic than data security.

"There's no question that data security continues to be a very significant concern," says Lisa Sotto, managing partner at law firm Hunton & Williams LLP's Privacy & Information Practice. "Where CEOs might not have focused on that as an issue several years ago, I would venture to guess that just about every CEO of a major company today is quite concerned about data security."

Specifically, organizations should be taking a hard look at their practices regarding social media, portable media and security training for employees. There has been progress in each of these areas, Sotto says, "But the consensus is that we're still learning how to do data security right."

In an exclusive interview on the year's security/privacy agenda, Sotto discusses:

  • Top security and privacy issues of 2011;
  • Where organizations are most vulnerable;
  • Pending regulatory and legislative issues to watch.

Sotto is the Managing Partner of the New York office, and her practice focuses on privacy, data security and information management issues. She was rated "No. 1 privacy expert" in 2007 and 2008 by Computerworld magazine. She also earned a number one U.S. national ranking for Privacy & Data Security from Chambers and Partners. In addition, Hunton & Williams LLP's Privacy & Information Practice received a number one U.S. national ranking from Chambers in Privacy and Data Security.

Sotto assists clients in identifying, evaluating and managing risks associated with privacy and information security practices of companies and third parties. She conducts all phases of privacy assessments and information security policy audits. Ms. Sotto advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, Privacy Act, security breach notification laws, and other U.S. state and federal privacy requirements (including HR rules); Canada's PIPEDA; and global data protection laws (including those in the EU and Latin America). She drafts and negotiates contractual agreements concerning data uses, security and confidentiality. She also develops corporate records management programs, including policies, procedures, records retention schedules, and training modules.

TOM FIELD: To get us started why don't you tell us a little bit about yourself and your work, please?

LISA SOTTO: Sure. I head up the global privacy and data security practice at Hunton & Williams and our practice is really comprised of three parts. We do work on pure play privacy issues, which essentially means any issue that involves the appropriate use of personal information.

We also have a very significant data security practice, which involves both the proactive and reactive side to data security, dealing with data breaches and data leaks; and then also helping companies to ensure that they have the strongest possible policies and procedures in place with respect to data security.

We also handle the regulatory side of records management, so that we help companies manage their records in a way to be most protective of privacy and data security issues.

Top Privacy Issues of 2010

FIELD: Lisa from your perspective, looking back on this year past, what would you say were the biggest security and privacy issues that we dealt with?

SOTTO: Well, I would say it was a banner year for privacy and data security. There is so much happening in this area and so much to look forward to. Probably the biggest ticket items included items like behavioral advertising. This is an issue that is on everyone's radar screen and very much on the radar screen of the Federal Trade Commission, as well as lawmakers in Washington, so we will hear quite a bit about this issue going forward.

Cloud computing is another very important issue in the recent agenda for privacy professionals. It is clear that many, many functions are moving to the cloud. The question is going to be how to deal with the various privacy and data security rules in the many jurisdictions around the world when those rules in some cases conflict with each other, and where data is residing in many different locations at the same time.

Follow Tom Field on Twitter: @SecurityEditor
