4 Essential Skills for Future Privacy OfficersWorld of the Future Requires Skills in the Present
"Imagine waking up in the morning, not because of an alarm clock, but because your bio alarm identified the peak time within your REM cycles to awaken you fully refreshed. You jump on the treadmill and it sends your exercise performance and bio-readings over the Internet to your personal health record (PHR). You grab some orange juice from the refrigerator, which records the amount taken via an RFID reader. It also sends that information to your PHR and updates your weekly grocery list, which is stored on your handheld device. The monitor in the kitchen displays all the social network updates and news stories -- translated from foreign news organizations around the world -- that it has learned you are most interested in. It has also prioritized all your incoming e-mails, texts and voicemails from the previous eight hours based on your past message management.
"At the top is a meeting invite from your doctor, who would like you to come in to receive your DNA-personalized nutritional supplements and anti-carcinogen nanobots, and also talk about the cholesterol alerts he's been getting from your PHR. You hop in your electric car, which recharged at two o'clock that morning at the direction of the smart grid. You drive, obeying the posted speed limit, knowing that your insurance company will drop your rate if you do so. As you pass by your dry cleaner, your car's speakers sound an alert to let you know that your suit is ready. It's only 9:00 in the morning, but you've already generated a terabyte of data in your personal account in the cloud."
Lets look into the privacy profession, which is moving from regulatory compliance and breach notifications to being identified by development in various applications.
Again, that's a vision of the future painted by two privacy thought-leaders. Such a scenario may appear too far fetched when read, but I think it is possible given the capabilities and changes we have seen in technology.
Lets look into the privacy profession, which is moving from regulatory compliance and breach notifications to being identified by development in applications such as mobile technology, cloud computing, social media and electronic health records.
There are new dynamics shaping privacy and the privacy profession today, and ultimately there are new skills demanded from professionals to successfully embrace the future.
The top four skills needed for the next generation privacy officers include:
- Convergence with IT Security and Risk -- Privacy officers will need to understand the threats and risks associated with different levels of protection and sharing of information. For instance, with the advent of electronic health records, where thousands of patients' records can be accessed in a matter of minutes, the privacy officer will need to address the IT risk factors on how service can be maximized, but privacy risks eliminated. How can information sharing be limited, leading to reduced risk? What will be the potential risks for data usage in such cases? How will they be able to effectively secure this data? In my conversation with Brian Dean, a HIPPA privacy officer at Key Bank, he discussed how privacy will soon be a risk-based approach, and officers will need to know which threats and risks they are trying to mitigate by taking a particular course of action.
- Encryption Technologies -- As more and more information is stored or communicated via computers, the need to ensure that this information is protected becomes more relevant. Privacy officers will therefore need to gain technical expertise in encryption technologies to protect the increased amount of confidential information and data collected and used on networks and smart grids. Dean is already seeing a big emphasis on encryption in his role, especially as the Health Information Technology for Economic and Clinical Health Act's security provisions and heightened enforcement are forcing hospitals and their business associates to incorporate encryption methodologies to protect their patient's and consumer privacy.
- International Privacy Laws: As the privacy function gets extended beyond national boundaries, a key skill needed for privacy officers will be to understand how countries are regulating privacy, and what laws are impacting which sectors and technologies. How are these regulations protecting the security of information? In addition, international privacy laws have also taken precedence as companies engage in outsourcing information to contractors and sub-contractors overseas. Privacy officers such as Dean and Ken Newman, a security and privacy manager at a community bank, find themselves looking for resources on international regulations such as the E-Privacy Directive adopted by the European Union and the Personal Information Protection and Electronic Documents Act, or PIPED Act, regulated by Canada to find out and learn more about how private sector organizations collect, use and disclose personal information in the course of business activities in these countries.
These are a few areas that privacy professionals will need to focus on as they take initiative to build trust and play an active role in the next decade.
For training on these skills, I suggest looking into resources offered by organizations including: American Health Information Management Association (AHIMA); HIPAA privacy and research training program at the University of Louisville; Risk insurance Management Society; Computer security resource center at NIST; Privacy International; International Association of Privacy Professionals and ISACA.
What are your thoughts on the next generation of privacy officers? Share with us.