A look at how Chief Privacy Officers manage risk

Top CPOs share regulatory issues, best practices and more

Maureen Cooney, Sprint Nextel head of privacy

Privacy is hot topic in corporate America. Companies are extremely aware of its importance, and general counsel must keep it in mind as well. Many companies have implemented a chief privacy officer (CPO) role to help minimize risk. The issues of privacy were the topics of conversation in the Chief Privacy Officers Panel at the Women, Influence & Power in Law conference.

The session moderator was Maureen Cooney, head of privacy at Sprint Nextel, and featured Nuala O’Connor, privacy & data protection at Amazon.com and Laura Merten, JD, CCEP, chief privacy officer at Advocate Health Care.

In the United States, we have a complex system in place to cover privacy, and other nations are starting to develop their own privacy laws as well. Companies that operate in multiple states and countries must work to manage their compliance in all these areas. In addition, there are a number of agencies that regulate this space, so general counsel must be certain to keep all of them in mind as they plan their strategies.

As the nature of business changes – all companies have to deal with data these days, even for simple tasks such as payroll – so the role of CPO must change as well. In fact, many companies don’t even have a chief privacy officer, though they must have one in order to deal with data issues in the future. As databases converge, these issues become more complex, and the first question that companies need to ask is “where IS the data?”

Sprint is, of course, deeply in the mobile space, but Cooney pointed out that mobility concerns are germane to all companies, as mobile workers use their devices to conduct business every day. She stated that companies need to look into app security, for one thing, and try to keep abreast of new technologies, like machine-to-machine communications.

Privacy matters spread to almost every area of business, from pharma companies that want to put microchips in pills to companies that enable video communication, and its best for companies to begin thinking about privacy matters years in advance, whenever possible.

Speaking on the role of the CPO today, Merten confirmed that companies need to stay on top of all new privacy laws and must start the process of ensuring compliance as soon as possible. Non-lawyers are not as concerned with the nuts and bolts of the law, they just want to know what they need to do to comply, and how to communicate new policies with customers. Additionally, having a crisis management plan, and a good set of crisis management skills, is also important.

Coone added the CPOs could be involved in many areas, such as helping with press releases or going to Capitol Hill to speak on a particular topic. For aspiring GC, she states that having experience in the privacy space could be a huge plus for someone who wants that position.

Join the Conversation

Advertisement. Closing in 15 seconds.