Interview with International Association of Privacy Professionals
(IAPP)
April 2004
Terry McQuay, Nymity's President, recently had an opportunity
to speak with Trevor Hughes, Executive Director of the International
Association of Privacy Professionals (IAPP) www.privacyassociation.org.
Mr. Hughes is a speaker at the upcoming Online Privacy and
Security conference taking place in Toronto on April 20th
and 21st. www.canadianinstitute.com.
The IAPP is announcing Nymity's Employee
Privacy Conference to the members of the IAPP and Terry
McQuay will be speaking at IAPP Privacy
Futures Conference, June 9-11, at the Palace Hotel in
San Francisco.
Nymity: Trevor, please provide our subscribers an overview
of the International Association of Privacy Professionals
(IAPP) and its history.
Hughes: The IAPP is a professional
association made up of people working in the field of privacy.
We have been in existence for 4 years and have grown consistently,
with current membership above 1000 members. The IAPP brings
together privacy professionals from a myriad of industries
and backgrounds to share knowledge, network, and promote the
profession.
Nymity: What is a privacy professional?
Hughes: We have been asking this
question to our members in a series of regional meetings this
year. The answers are really interesting. Many respond that
a privacy professional is a person who ensures that an organization
stays in compliance with privacy laws and standards. The answers
that I find the most compelling are those that see privacy
professionals as people who help organizations maximize the
value of the data that flows through an organization. A part
of this definition is clearly driven by compliance –
the data flows must be within the confines of applicable standards.
But a big part of the definition also relates to the ROI of
privacy – helping companies use privacy to engender
trust with their customers, and smoothing relationships with
vendors, partners, affiliates and others to allow data to
be used to its greatest potential.
Nymity: What are the biggest challenges facing privacy
officers/privacy professionals in the US?
Hughes: Privacy professionals spend
a great deal of their time educating their co-workers on the
nature of their job, and why it is important for their company.
Bringing fellow employees up to speed on privacy in a way
that still allows them to accomplish the goals of the organization
is probably the biggest challenge. Staying on top of the constantly
shifting standards is probably a close second.
Nymity: What is the future for a privacy professional?
Hughes: Very good! I think we have
seen the emergence of a new profession that will continue
to grow in the years ahead. Organizations have been responding
to the compliance challenges associated with privacy by hiring
new staff. There is clearly a compliance component to the
continued growth of the profession. I don’t think we
have seen the top of the growth curve generated by PIPEDA,
GLBA, HIPAA, CAN-SPAM, COPPA, etc. But the interesting dynamic
is that many organizations are starting to understand privacy
as more than just a compliance hurdle – they are using
privacy as a differentiator in the marketplace. Privacy builds
trust. And trust builds long-lasting customer relationships.
I think that this dynamic will spark continued senior-level
growth in the profession for quite some time.
Nymity: What is the average pay for Chief Privacy Officer
in the US? What department do they reside in?
Hughes: We do a salary survey each
year with a research firm, the Ponemon Institute. The full
survey results are shared with IAPP members and the news has
been quite good. On average, privacy professionals in the
US were earning $106,000 (US) in 2003. There is significant
variation in salary according to industry, level, education,
and gender. One of the interesting things to note is the diversity
of departments that have privacy functions. We see privacy
professionals in legal, compliance, HR, marketing, and technology
areas.
Nymity: At the April 20th Canadian Institute conference you
will be comparing US and Canadian privacy legislation. What
are the main differences?
Hughes: Perhaps the biggest difference
is the contrast between privacy as a fundamental right, protected
through broad legislation (PIPEDA), and sectored protection
in targeted areas (GLBA, HIPAA). Another major difference
is the role of the Privacy Commissioner in Canada as compared
to the multiplicity of enforcement officials that cover privacy
in the US.
Nymity: What legislation in the US should a Canadian firm
consider most important?
Hughes: It depends. If a Canadian
firm has US-based operations, they may be affected by many
(if not all) of the US privacy laws. If they are marketing
into the US, they may be limited by restrictions on telemarketing,
email, faxing and direct mail. If they are online, they may
be covered by COPPA and state standards. The “most important”
legislation is the legislation that covers their practices.
Again, the US has a sectored approach to privacy – it
is incumbent upon Canadian companies doing business in the
US to understand these laws and respond appropriately.
Nymity: IAPP recently announced the IAPP Privacy Certification
Program, please provide an overview of the program and the
relevance for Canadian Privacy Officers.
Hughes: As the profession of privacy
has grown, the IAPP recognized the need for standards in the
knowledge necessary to work in the field. For that reason,
we have begun work to create a privacy certification in 2004.
The IAPP is working with Carnegie Mellon University, the Ponemon
Institute, HP, Microsoft, and a stellar advisory board of
leading CPOs to build the common body of knowledge necessary
to work as a privacy professional. That common body of knowledge
will be released for community comment at the Privacy Futures
conference in San Francisco on June 10th. We plan to offer
the first exam for the first class of Certified Privacy Professionals
(which will carry the designation of “CPP”) at
our Privacy Academy in New Orleans in October. Much more information
is available on our website, www.privacyassociation.org.
Nymity: On June 9th to 11th IAPP is having a conference
in San Francisco called Privacy Futures. What is the focus
of this conference?
Hughes: I am really excited about this
conference, which we are co-sponsoring with TRUSTe. We have
a packed roster of privacy, technology, and public policy
experts joining us for the first major privacy conference
to be held on the west coast. We have titled the conference
Privacy Futures (June 9-11, at the Palace Hotel in San Francisco)
and have secured three top-notch futurists for keynotes on
the future of privacy and technology. The conference will
also provide hands-on guidance to help manage privacy issues
in the fields of international law, technology, healthcare,
financial services, and security. You can visit www.privacyfutures.org
to register and learn more. We are happy that Nymity
is participating in this event.