The Need for a Chief Privacy Officer
Nearly every day we hear about another data breach at a major corporation, making the case for a chief privacy officer (CPO) more compelling now than ever. Adams and Reese attorney Roy Hadley discusses the various reasons organizations should employ a CPO.
2.5 quintillion bytes of data — that’s the amount of data estimated by some to be created every day.
Yes, that is 2,500,000,000,000,000,000. Every day.
To put that number into perspective, the length of 1,000,000,000,000 (one trillion), $1 bills laid end to end measures approximately 96,906,656 miles. This would exceed the distance from the earth to the sun. A quintillion is equal to one million trillions. That is a long line of dollar bills!
While a mind-boggling number, it is estimated that due to the internet of things, this amount of data created will continue to grow. It is amazing how this data is created. According to Forbes.com, more than 3.7 billion humans use the internet every day. On average, Google processes more than 40,000 searches every second, which translates to 3.5 billion searches each day. Further, every minute of the day, Snapchat users share more than 500,000 photos.
In short, the amount of data we are creating is hard to fathom.
That said, this data has to go somewhere, and it is usually stored by companies. While Snapchat, Instagram, LinkedIn and Facebook are the social media giants that people typically look at as the big creators and holders of data, many companies are creating and storing data.
For example, automated parking garages regularly keep logs of when someone enters a garage and exits. They also take pictures of license plates and, sometimes, drivers of the car as well. With home security services, cameras are used that have data creation and storage associated. In terms of our purchases, what was bought when and other buying habits are recorded by retail stores.
All of this data contributes to the 2.5 quintillion bytes of data created every day.
For the most part, companies are trying to be diligent about how they handle data. However, the sheer volume demands that special attention be paid to it by companies and individuals.
Enter the Chief Privacy Officer
Many companies have decided to hire a chief privacy officer to help them understand, protect and use data to further their business interests and to ensure compliance with legal responsibilities. A chief privacy officer (CPO) helps companies to set the privacy and data usage strategies within an organization by navigating complex and changing regulatory and legal frameworks globally.
While there are many reasons to have a CPO, most companies look to one or more of the following reasons:
Navigating Privacy Laws and Regulations
With respect to navigating privacy regulations, due to consumers’ and governments’ heightened interests in how much data is being created and how it is used, companies are increasingly forced to comply with and navigate complex privacy regulations. The recent enactment of the General Data Protection Regulation (GDPR) in the European Union is a prime example of such a regulatory scheme. The GDPR is a very complex set of regulations designed to ensure the privacy of European citizens.
However, for companies, compliance with these regulations is a complex endeavor that requires a very specific skill set and very specific knowledge. Most companies will rely on a chief privacy officer in order to meet regulatory requirements.
Additionally, under GDPR, companies are required to appoint a data protection officer for regulatory compliance. Again, a CPO fits this role nicely due to their knowledge of the company’s data collection and usage policy and procedures.
Protecting Customers’ Privacy
Companies are increasingly under the microscope as to how they use customer data. Facebook is a prime example of a company that collects a tremendous amount of data that has been scrutinized for how it uses and sells that data. Companies going forward will be under increased pressure to be transparent about their collection and use of data.
Thus, the CPO will be instrumental in helping companies to navigate those issues.
Avoiding Data Breaches
Data breaches have long been a very expensive proposition for companies. In the United States, because there is no real national data breach legislation, most states have enacted notification laws. Oftentimes, compliance with these laws can be cumbersome and expensive for companies in the event of a data breach. While often in the purview of a chief information security officer (CISO), security also falls within the realm of a CPO when it relates to customer data. Additionally, in the event of a data breach, a CPO can be instrumental in navigating various state laws.
Ensuring Adequate Attention to Privacy at the Leadership Level
With respect to corporate leadership, it is becoming increasingly important to have a voice in the C-suite that champions privacy and understands how a company collects and uses data. While the chief information officer (CIO) of an enterprise often understands the technical aspects of the company’s IT infrastructure, the CPO can go beyond just the technology to truly understand how the information is collected, stored and utilized.
Avoiding Interruptions to Business Operations
Lastly, interruptions to business operations can be very expensive. Even if the operations of a business are not interrupted entirely, privacy concerns can have a real impact on the ability of a business to sell to consumers, as well as a tremendous impact on the overall bottom line. Facebook, Equifax and Target are all examples of how data breaches or the misuse of information contributed to a negative impact on the company’s bottom line.
Additionally, privacy issues and data breaches can result in increased regulatory and legal scrutiny for companies, along with legal liability from lawsuits and the tarnishing of the brand.
Therefore, it is increasingly important for companies to have someone in the privacy role to ensure the company is doing all it can to safeguard the privacy and protection of data —particularly consumer data.
Accordingly, CPOs are being looked at as a necessary and vital role in order to protect and utilize such data.
The internet of things has created tremendous opportunities for businesses to provide new and innovative services to consumers. It has also created and allowed for the collection and use of tremendous volumes of information about those consumers, including their lifestyle, spending, health and other habits. It is this tremendous volume of deeply personal information that has led to both consumers and governments increasingly becoming more vigilant about how companies collect and use data.
In a world teeming with electronic information, the role of the CPO has become a necessity for companies of all sizes.