Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.
Name: Debra J. Farber
Job Title: Sr. Consultant & Product Manager, JD, CISSP, CIPP/US, CIPP/G, CIPM, CIPT
How long have you worked at TRUSTe? Just under 6 months.
What do you think are the top privacy challenges for companies? Organizations need to understand how personal data are collected, used, stored, accessed, shared, and expunged in order to identify and remediate privacy risks. However, as organizations process increasingly more data, and as business processes change over time through acquisitions, mergers, etc., it becomes incredibly challenging to understand where personal data are located within a business. Very often, attempts at developing data flow maps, which are time-consuming to create, are outdated by the time they have been drafted.
What do you like most about working at TRUSTe? Clearly, TRUSTe has been a leader in privacy for many years. I feel particularly lucky to work with such intelligent and affable coworkers. However, to me, the most exciting part about working at TRUSTe is the launch of our new Data Privacy Management (“DPM’) Platform. This technology will assist organizations with the automation of some of the most time-intensive activities: privacy workflow management, privacy impact assessments (“PIA”), up-to-date data mappings, vendor assessments, etc. I have the unique opportunity to work at TRUSTe as both a Sr. Consultant, using the Platform to advise our larger clients, and as a Product Manager, prioritizing new DPM Platform feature sets based on feedback that we receive from consulting engagements. I truly look forward to coming to the office every day!
What are some hot issues in the privacy space right now?: There are quite a few hot privacy issues! In fact, Dictionary.com declared “privacy” as 2013’s word of the year and “exposure” as 2014’s. As companies begin to leverage their access to insights from “big data” and connect to the “Internet of Things,” understanding where within an organization’s business processes personal data flows is important. There’s an increasing emphasis by regulators on making sure that companies effectively manage how personal data are used and shared to understand and reduce risks to privacy and to mitigate the impact of breaches. Just last week, President Obama proposed the enactment of a the Personal Data Notification and Protection Act, which would create a Federal set of rules for how organizations handle personal data. It would also criminalize international trade of stolen identities.
Tell us about all the acronyms after your name: To adequately understand and manage risks to personal data, it is essential to have a comprehensive understanding of data governance and management. My legal training (“JD”) prepared me for analyzing laws and drafting policies, procedures, and contracts. I sought a greater understanding of technology, information security, and project management by earning multiple privacy certifications from the International Association of Privacy Professionals (IAPP). I serve as an IAPP Privacy Professional Faculty Member, in which I train individuals who are interested in pursuing IAPP certifications. My CIPP/US designation demonstrates my knowledge of foundational privacy concepts and US privacy law, and the CIPP/G indicates my understanding of privacy issues related to the US government sector. The CIPT demonstrates that I have grasped how privacy issues relate to technology, and the CIPM indicates my ability to set up a privacy program from scratch and manage ongoing privacy-related projects within a business.
The CISSP is a security certification issued by (ISC)2 that indicates my grasp of knowledge across 10 domains of security. As a privacy professional in an operational role, understanding security laws, risks, encryption, and control options has enhanced my ability to strategize, and has enabled me to draft solid policies and procedures.
What do you do for fun when you’re not working? I try to have a lot of fun while I am working (you should meet my office pet – Shia the Chia Pet). When I am away from the office I enjoy so many of the wonderful things there are to do around the San Francisco Bay Area, such as wine tasting in Sonoma, hiking in Marin and Muir Woods, and camping in Yosemite. However, what brings me the greatest joy is bringing people together to create closer communities. I love hosting potluck dinners for friends, participating in fundraiser/sporting events (e.g., AIDS LifeCycle and Cycle for Survival), volunteering with the homeless in the SF Tenderloin District, and launching a new organization – Women in Security and Privacy (“WISP”) with several other leaders in privacy.