3 Tips for Privacy Professionals

Nationwide Insurance CPO: "Find a Mentor"

By , March 5, 2012.
3 Tips for Privacy Professionals

The privacy profession is evolving, says Kirk Herath, Chief Privacy Officer of Nationwide Insurance. For those who are new to the profession, Herath offers three pieces of advice.

See Also: CISO Agenda 2015: Adding Value to a Security Program with Application Security

First off, find a mentor, says Herath, the longtime privacy officer at Nationwide. "If you're young and you're in college, or you're just starting out, go to LinkedIn and search for people in your profession who you may know or you may have a connection through somebody else with - get to know them," he says in an interview with Information Security Media Group's Tom Field [transcript below].

Next, learn the rules, laws and standards. "Learn them backwards and forwards, and then join an industry," Herath says. "It's one thing ideologically or philosophically to understand these laws; it's another thing to practically work with them in a real operating enterprise."

Lastly, privacy professionals need to take advantage of the multitude of certifications available today. For example, the International Association of Privacy Professionals offers certifications in different areas, from U.S.-specific to privacy technology, even government focused.

"And don't ignore information security," Herath says. "Information security is the yin to the privacy yang. It's very important to learn how privacy and information security intersect."

In an interview about privacy trends, Herath discusses:

  • The trends that concern him most this year;
  • Legislative issues to watch closely;
  • How the profession needs to evolve to keep pace with threats.

Herath is vice president, associate general counsel and chief privacy officer for Nationwide Insurance Companies and affiliates based in Columbus, Ohio. He is responsible for all legal issues impacting privacy, information security, technology and information systems, contracts and supply services management, confidentiality and data integrity.

Herath is past president of the International Association of Privacy Professionals and serves on several of its committees. He also served on the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee from 2005 to 2011.

TOM FIELD: We spoke during the middle of last year. How would you say your role at Nationwide has evolved in the months in between?

KIRK HERATH: It's hard to say. I've been doing this now for going on 13 years so it has definitely evolved. In the last year I got another group attached to my office, the contracts management group, which has always been rather closely aligned with my shop because of the importance of making sure that the contracts contain all of the necessary protections and controls for our data, whether it's offshore or with third parties. In that sense, it leads credence to the evolution of the role in general across at least the United States, which very often grows organically. From the very beginning, it obviously has become a much broader role. It started out very narrow in just looking at privacy compliance. Now my operations include the security law, contracts and I also support the entire IT organization from an IT law perspective.

Growing Impact of Privacy

FIELD: Recently, privacy has been in the news in part because of new policies that are promoted by Google and part because legislative bodies are interested in privacy. With all this external discussion of privacy, how does that impact what you do in your job? Do you get more questions about your role?

HERATH: I'm not sure I get more questions. As I said, we've been doing this so long here at Nationwide that we're kind of a fixture. We're part of the culture now. What it does, however, is I think it increases awareness among executives and employees when they hear things externally and therefore it leads more credence to recommendations and advice for programs that my office might be putting forth. Then, from an external perspective, it does afford me an opportunity very often to speak to people like you as well as to conferences. Definitely it's something that has not gone off the boil as far as an issue in the last seven, eight or nine years.

Biggest Challenges

FIELD: What would you say today are the biggest challenges that you're facing in your job?

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Singapore to Open Cybersecurity Agency

Starting in April, Singapore plans to have a dedicated and centralized cybersecurity agency. But...

Latest Tweets and Mentions

ARTICLE Singapore to Open Cybersecurity Agency

Starting in April, Singapore plans to have a dedicated and centralized cybersecurity agency. But...

The ISMG Network