Job Security?

In 2013 at the IAPP fall conference, Lisa Sotto (a renowned privacy and cybersecurity attorney with Hunton & Williams and member of the Board for IAPP) remarked during an open session to the attendees that if she heard one more person exclaim "Job Security" she might have to punch them - I may be paraphrasing. I think she was kidding. But she was not exaggerating the repetitiveness of the sentiment by the attendees.

Is there job security for privacy professionals?  Probably yes. Oh, what the heck - let's abandon the pretense of being objective: yes. Yes. YES!  The world of privacy and data protection is growing by leaps and bounds. And not just in one area of the globe. Privacy and data protection is growing everywhere.

You may recall the somewhat recent headlines containing words like Snowden, NSA, and leak. These headlines, or rather the actions behind them, have created some additional headlines involving European Union and the U.S. trade. I will not address whether Snowden is a hero or a traitor - or whether what he did is even right or wrong. The end result is that the European Commission and various data protection authorities seemed to question their faith in the U.S./EU Safe Harbor program.

I do not really believe that the EU will completely withdraw it's determination in the adequacy of the Safe Harbor program if only because international trade would suffer tremendously. But on the other hand, I would not brush off their concerns either. Recently, the U.S. FTC Commissioner and the U.K.'s Information Commissioner signed a memorandum of understanding to work together to protect the privacy rights of consumers. Rather contemporaneously, the FTC initiated actions against 13 U.S. companies for violations of their safe harbor certification statements, as this author wrote about in an earlier post. So international cooperation is on the table and probably not disappearing anytime soon although there is a lot of work to be done.

Which segues rather nicely back to job security. Privacy is probably the hottest area of law right now, but privacy professionals can not allow themselves to get cocky or complaisant. We must be strategists and visionaries; we must foster understanding and better understand the business case; and we must see the trees and the forest. Privacy law is growing faster than any one person can track. There are multiple think tanks and watch dog groups dedicated to the topic.

I laugh - usually out loud - when I hear other compliance professionals complain that they run from fire to fire. We all do. It's the nature of compliance. I dream of a day when I am notified that some area is suffering a drought and we can proclaim a high alert for the potential for fire. And even ban burning. Ha. Are you following me in this analogy?  Privacy professionals are like the forest rangers on lookout towers. There is a lot of landscape to watch, we are usually alone, we have to track winds, investigate smoke, and be able to call the troops when needed....but only when needed.

It's not glamorous. It's a hard job, but someone needs to do it. In fact, lots of someones need to do it. 

If I were to counsel someone who was interested in either entering the privacy profession or growing within it, there are three things I recommend:

• Learn the technical aspect of the job. Yes, there are Information Security Professionals who generally originate in IT, but it would benefit the privacy professional to learn to speak intelligently about the technology.
• Partner with the Information Security professional. This person should be your other half. They need to respect your knowledge and be able to depend on you and vice-versa.
• Never think you know it all or that you are an expert. There is simply too much untested in the courts and much too much being changed every day - from laws to technology. 

I would not proclaim job security except when joking. Half the time I am afraid I am failing at the job because there is so much to do. The other half does a victory dance when a co-worker knows what the letters PII mean. It's the small things that make me happy - and the big things that keep me employed.

Why are the people in the U.S. so blase' about Privacy?

So this was the question I received today about privacy: "Why are people in the U.S. so blase' about privacy?"

Frankly, my dear, I don't know.

I do have some theories that my mind is sorting through as I write - and if you have some thoughts (yes, you, the one person who is reading this), please do write me and let me know your opinion.

First, I do not think it is related to the fact that we do not have an explicit right to privacy guaranteed to us in the U.S. Constitution. However, I do think it is related to what rights we are guaranteed and how those rights have been enforced over the years. Most importantly, I think the freedom of speech as personified through the freedom of the press has been a huge factor in how blase' we are about privacy. As citizens, we are allowed to say what we want to say (in general), do what we want to do (shy of breaking laws), move where we want to move, live how we want to live, love as we desire - and act on that love. Freedom of speech includes our actions, our apparel, and our writings. And this freedom comes with a price - that we are ever so willing to pay - the lack of privacy.

Next, the American dream reinforces the lack of privacy. To achieve our dreams - or at least for those ridiculously mega-rich people to achieve their dreams, they take chances and go where no one has gone before, with information, brazenness, and wild willingness to use any tools at their disposal. Information is mostly free and can be used in ways that the average person would find mind-boggling.

Additionally, most Americans have not suffered atrocious crimes and deeply personal invasions like countries with currently strong privacy laws have in the past - where thousands of people were tortured and killed based on information, like their race, religion, or even just their name.

Thus on one hand, we see benefits in the freedom of information and on the other hand, we see no penalties in the misuse of information. I have often been told that if a company treats personal information with the respect other nations require, the company would lose its competitive edge. So what would motivate us to care? When I posted previously questioning why we are not outraged at the NSA, one of the responses I got was that once the PATRIOT ACT was enacted, any person who read it or watched the news knew that we now had no right to privacy. In a way, I agree. Not enough people were outraged then - and you cannot let the exploding holes in the dam go unnoticed and then complain about a flooded home.

We need a fundamental shift in our thinking. Information is a power tool. And it can be dangerous in the wrong hands. It can be dangerous in the right hands - if those are not your hands holding your own information. We need to be stingy. For example, unless you are on a government health insurance program or workers' comp, your doctor does not need your social security number. Such a simple thing. But try telling your doctor he/she does not need it and they freak out - they are so used to getting it, they just want to fill the blank. So I just pretend not to know it. "Ooops sorry. Don't carry the card either, but I'll really try to remember to bring it the next time." Not.

Why are we not Outraged?

Edward Snowden (of the now infamous and controversial U.S. National Security Agency rampant surveillance) has spoken out in his first television interview . He speaks frankly about the threats to his life due to his revelations, but more importantly why he did what he did. A friend of mine posted the link on facebook and I asked this same question there - why are we not more outraged? Why do TV or music celebrities get more comments from both fans and haters than does someone who opened the U.S. pandora's privacy box? It is scandalous!

It is scandalous what the NSA has done. 

It is scandalous that we as a nation do not seem to care. 

In fact, it appears and I allege that the only reason we are starting to hear from our political leaders about fixing the problem is because nations which actually provide privacy rights to their citizens are outraged. They are outraged. We are not.

The White House has spoken now. President Obama finally laid out a plan: consider reforming the PATRIOT Act; improve the public's confidence in governmental oversight; have the Intelligence Community make public information about their surveillance programs - including hiring a privacy officer (more on this later as one has now been appointed); and last, having a high-level group of experts review intelligence and communication technologies. Yours truly was not invited. durn.

What will it take for the people of this nation to actually pay attention to their own privacy and to the entities violating that privacy?? I am honestly perplexed, outraged on your behalf, and frankly, wishing there was a privacy cattle prod that someone with integrity could wield as rampantly as the government wields surveillance.