
What are the benefits of hiring a chief privacy officer?

What exactly is a chief privacy officer, and what can one do to help your organization? Expert Mike O. Villegas explains how a CPO could help improve security.

Some enterprises are using "privacy professionals" -- from chief privacy officers to privacy consultants -- to work with their information security and IT teams to better manage the privacy implications of data security. Can you explain what privacy professionals are and how they can help strengthen enterprise security?

Data privacy has become a key issue for enterprises over the last 15 years. The E-Government Act of 2002 mandates a privacy impact assessment of any substantially revised or new information technology system to protect the personal information contained in government records and systems. GLBA, HIPAA, the HITECH Act and Sarbanes-Oxley also have a host of regulations to safeguard the security and privacy of electronic protected health information, personally identifiable information and financial data. Although a chief privacy officer is not required by all of these regulations, corporations find it necessary to establish the CPO function to identify, locate and protect corporate and personal data. The question is how that protection is implemented.

The job of the CPO is to:

  • Identify and understand legal requirements regarding privacy from laws, regulations and contract agreements
  • Check whether personal data is correctly managed with respect to these requirements
  • Review corporate privacy policies to ensure they cover applicable privacy laws and regulations
  • Verify the correct security measures are adopted and implemented across the organization

Information security professionals are often more technical than business-focused, so working with chief privacy officers or privacy consultants ensures proper controls are deployed to protect corporate data. To augment this effort, the corporation should also have a data classification scheme to identify the most crucial data and an IT risk assessment based on that scheme. A close alliance between privacy and information security strengthens the ethos and balance of asset protection.


This was last published in March 2015
