Career Insights with Upasana Gupta

4 Essential Skills for Future Privacy Officers

World of the Future Requires Skills in the Present
4 Essential Skills for Future Privacy Officers

To quote from a recent piece written by Nuala O'Connor Kelley, chief privacy officer at General Electric and president of International Association of Privacy Professionals (IAPP), and Michelle Dennedy, Oracle's VP for security and privacy solutions:

"Imagine waking up in the morning, not because of an alarm clock, but because your bio alarm identified the peak time within your REM cycles to awaken you fully refreshed. You jump on the treadmill and it sends your exercise performance and bio-readings over the Internet to your personal health record (PHR). You grab some orange juice from the refrigerator, which records the amount taken via an RFID reader. It also sends that information to your PHR and updates your weekly grocery list, which is stored on your handheld device. The monitor in the kitchen displays all the social network updates and news stories -- translated from foreign news organizations around the world -- that it has learned you are most interested in. It has also prioritized all your incoming e-mails, texts and voicemails from the previous eight hours based on your past message management.

"At the top is a meeting invite from your doctor, who would like you to come in to receive your DNA-personalized nutritional supplements and anti-carcinogen nanobots, and also talk about the cholesterol alerts he's been getting from your PHR. You hop in your electric car, which recharged at two o'clock that morning at the direction of the smart grid. You drive, obeying the posted speed limit, knowing that your insurance company will drop your rate if you do so. As you pass by your dry cleaner, your car's speakers sound an alert to let you know that your suit is ready. It's only 9:00 in the morning, but you've already generated a terabyte of data in your personal account in the cloud."

Again, that's a vision of the future painted by two privacy thought-leaders. Such a scenario may appear too far fetched when read, but I think it is possible given the capabilities and changes we have seen in technology.

Lets look into the privacy profession, which is moving from regulatory compliance and breach notifications to being identified by development in applications such as mobile technology, cloud computing, social media and electronic health records.

There are new dynamics shaping privacy and the privacy profession today, and ultimately there are new skills demanded from professionals to successfully embrace the future.

The top four skills needed for the next generation privacy officers include:

  1. Convergence with IT Security and Risk -- Privacy officers will need to understand the threats and risks associated with different levels of protection and sharing of information. For instance, with the advent of electronic health records, where thousands of patients' records can be accessed in a matter of minutes, the privacy officer will need to address the IT risk factors on how service can be maximized, but privacy risks eliminated. How can information sharing be limited, leading to reduced risk? What will be the potential risks for data usage in such cases? How will they be able to effectively secure this data? In my conversation with Brian Dean, a HIPPA privacy officer at Key Bank, he discussed how privacy will soon be a risk-based approach, and officers will need to know which threats and risks they are trying to mitigate by taking a particular course of action.
  2. Encryption Technologies -- As more and more information is stored or communicated via computers, the need to ensure that this information is protected becomes more relevant. Privacy officers will therefore need to gain technical expertise in encryption technologies to protect the increased amount of confidential information and data collected and used on networks and smart grids. Dean is already seeing a big emphasis on encryption in his role, especially as the Health Information Technology for Economic and Clinical Health Act's security provisions and heightened enforcement are forcing hospitals and their business associates to incorporate encryption methodologies to protect their patient's and consumer privacy.
  3. International Privacy Laws: As the privacy function gets extended beyond national boundaries, a key skill needed for privacy officers will be to understand how countries are regulating privacy, and what laws are impacting which sectors and technologies. How are these regulations protecting the security of information? In addition, international privacy laws have also taken precedence as companies engage in outsourcing information to contractors and sub-contractors overseas. Privacy officers such as Dean and Ken Newman, a security and privacy manager at a community bank, find themselves looking for resources on international regulations such as the E-Privacy Directive adopted by the European Union and the Personal Information Protection and Electronic Documents Act, or PIPED Act, regulated by Canada to find out and learn more about how private sector organizations collect, use and disclose personal information in the course of business activities in these countries.
  4. Cloud Computing & Privacy Implications -- Again, as businesses are adopting cloud computing technology, privacy officers will need to understand the privacy and confidentiality risks associated with this. A typical information exchange in cloud computing occurs when a user shares information with the cloud provider. A privacy officer here should know whether any and all information can be legally shared in a cloud service. How is information stored on remote servers? What are the terms of service and privacy policy established by the cloud provider? What types of protection standards apply to different types of information stored?

These are a few areas that privacy professionals will need to focus on as they take initiative to build trust and play an active role in the next decade.

For training on these skills, I suggest looking into resources offered by organizations including: American Health Information Management Association (AHIMA); HIPAA privacy and research training program at the University of Louisville; Risk insurance Management Society; Computer security resource center at NIST; Privacy International; International Association of Privacy Professionals and ISACA.

What are your thoughts on the next generation of privacy officers? Share with us.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.