TrustArc Blog

What the CISO Needs to Know About Data Privacy (Webinar Recap)

October 16, 2015

In today’s webinar, “Top 5 Things the CISO Needs to Know About Data Privacy,” Heidi Shey, Senior Analyst at Forrester Research, shared research on privacy in organizations with TRUSTe CEO Chris Babel.

Below are a few excerpts from the webinar:

“Privacy is one of those organizational functions that’s still emerging for many enterprises today,” Heidi said. “There are different ways that people are trying to bring these capabilities into the company and put people in charge of privacy and that creates some challenges as well as opportunities depending on how the privacy organization is structured.”

Heidi identified types of privacy organizations:

  • “Compliance Cubs” – “This is probably the most common type we see today. They’re very compliance-driven; they’re focused on meeting compliance requirements around consumer data privacy.”
  • “Security Satellites” – “These are companies that have pulled privacy in. [There’s] greater alignment between security and privacy.”
  • “Marketing Mavens” – “Privacy, marketing and customer care initiatives are top-of-mind. In these companies you’ll typically find someone in marketing overseeing privacy.”
  • “Business Boosters” – “These are the companies that approach privacy organization-wide. They’ve broken down privacy silos.”

Several polls throughout the webinar provided some insight into viewers’ opinions on privacy. The second poll asked attendees about their plans for cross-border data transfers now that EU Safe Harbor has been ruled invalid.

“What solution is your company considering for data transfers following the CJEU ruling?”

  • Wait for Safe Harbor 2.0 (40%)
  • Model Clauses (30%)
  • Binding Corporate Rules (15%)
  • Consent (14%)

With regard to the poll, Chris stressed that answers are individual and based on an organization’s needs: “It starts with understanding your data flows and how much data’s moving, where it’s moving because only by understanding that can you really say which of these options is best for you. If you’re just moving employee data, consent wouldn’t work. Different methods apply based on what you’re doing.”

Another tip Heidi offered CISOs: “compliance is not a privacy strategy.”

“When we take this approach, the organization starts to view privacy as a cost center,” she said, adding that companies will strive to meet compliance at the lowest cost and then move on. It also creates silos within an organization in addition to a “head in the sand” environment in which “we start to overlook the potential of data and what we can do with it.”

To avoid this, she says it’s important to view privacy as a competitive differentiator.
