I just got back from the IAPP 2008 Privacy Academy and it was a great opportunity to meet other privacy individuals from all over the world. As many of you know, the IAPP is one of the premier not-for profit organizations for legal, security, and IT professionals. It was a three-day event for industry leaders to come together and learn about the challenges that organizations are facing in their industry.
I sat in on many sessions related to these issues and I wanted to share some of what I learned with you. In these difficult economic times, one of the challenges to protecting information and setting up a privacy compliance program is getting the necessary funding from management. It is often difficult to get support without convincing the CFO that creating and complying with privacy mandates is a business saving endeavor. The panels spoke at length that in their case, they had experienced a data-breach of one of their clients and this was the impetus for change. Unfortunately, this is often the case in many businesses. The key is to take preventative measures to avoid this from happening. However, this can’t be done unless management realizes the dangers of non-compliance and the possibility of FTC sanctions.
Another excellent session was given by Jay Cline titled â€œ50 Best Metrics for data Privacy and Security Status.â€ He outlined the specific metrics to perform a privacy audit on an organization and present to management clear steps where improvement is needed. The session gave us an overview of GAPP: General Accepted Privacy Principles. The audience went through it and how to apply it to a hypothetical organization.
The primary objective of the IAPP is to network with our fellow privacy members and learn from what others are doing. Aside from the actual sessions, the most important part of the IAPP is to meet with people in our industry and have sit-downs on how our counter-parts are taking on new regulations and laws in their industry.
I am definitely going to attend the next IAPP Academy which is being held in Washington, DC. If anyone else out there is interested in attending, please do not hesistate to contact me and we can meet up in March.