US-based Chief Privacy Officer of First Data, John Atkins, discusses the practical challenges he faces, and his views on the future of privacy.
What are the biggest challenges and main practical issues that data protection (DP) professionals are facing at the moment?
One of the critical challenges of our profession is to keep up with the rapid pace of change in both law and technology. Applicable laws and technology are constantly evolving, and we need to help the business understand and adapt to those issues as they impact privacy. Privacy today isn't what it was ten or even five years ago. For example, social media wasn't on the radar five years ago. Today, it is a force to be reckoned with. Mobile apps, biometrics, analytics, data mining, behavioral advertising and cloud computing are all newer issues that require attention. We're constantly peering over the horizon to see the next waves we will have to ride.
Another challenge involves helping business colleagues understand the applicability of data privacy laws and regulations to their business objectives. For example, a legitimate business objective might be to consolidate localised data operations into a global center to achieve greater efficiency. Achieving this objective in compliance with data privacy laws and regulations requires time to help the business understand what can be done in the short term versus operations that require more time to ensure compliance.
Finally, I am sure that many privacy professionals face the practical issue of resource constraints.
How would you describe the role and influence that Chief n Privacy Officers (CPO) have iin the overall operation of the global company?
The role and influence of CPOs will continue to grow and evolve. My position was just created six years ago, and our first challenge was to develop a privacy program that fits the needs of our company. Today, our program is significantly more refined, allowing us to develop binding corporate rules (BCRs), which were approved in the EU in November 2011. The growing importance of corporate privacy programs gives the CPO access to the company's executive committee and the audit committee of the board of directors.
What are your predictions for the privacy profession in 2012?
Like so many professions these days, I predict more work but with limited resources.
What is the most rewarding aspect of the data protection profession and what is your advice to someone considering joining the profession?
The development and evolution of First Data's privacy program, leading to approval of our BCRs, has been very rewarding. Only a handful of companies in the world have had their BCRs authorised. The evolution of our program has also helped raise awareness of privacy issues within the company, which is needed to ensure adequate safeguards of data.
The EU Commission iis examining the possibility of 'making the appointment of a Data Protection Officer (DPO) mandatory...while reflecting on the appropriate threshold to avoid undue administrative burdens, particularly on small enterprises'. What are your thoughts on this?
If the European Commission decides to require DPO appointments, I agree that the nature of a company's business should be considered, and there should be appropriate thresholds to avoid undue administrative burdens.
What is on your wishlist for 2012?
The European Commission has acknowledged that international data transfers are essential for doing business in today's global economy and has suggested that, as part of the package for reform, it will streamline current procedures. My hope is that the Commission will consider expanding the applicability of the BCR model to include processor data. We process billions of transactions worldwide, and we plan to go beyond basic compliance and hold ourselves to the same high standards for all data we handle, everywhere we do business. We plan to be first in line for authorisation of binding processor rules when the time comes so our customers can be confident that our commitment to data protection has been recognised by some of the most scrupulous privacy regulators in the world.
Chief Privacy Officer