The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Chief Privacy Officer

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture 

    For in-house privacy counsel, building a cohesive privacy program means leading the company, its employees and its vendors through regulatory landmines. While there is no one-size-fits-all approach, there are certain privacy program essentials applicable to most organizations, regardless of size or industry. At the recent Women, Influence and Power in Law Conference, Megan Duffy, founder of Summit Privacy and former privacy counsel at Snapchat, Inc., Tori Silas, senior counsel and privacy officer of Cox Enterprises, Inc. and Zuzana Ikels, principal at Polsinelli, shared advice on how the legal department can create and implement a strong privacy program, from initial considerations to key components. See also “Designing Privacy Policies for Products and Devices in the Internet of Things“ (Apr. 27, 2016).

    Read Full Article …
  • From Vol. 2 No.17 (Aug. 24, 2016)

    How GE’s Global CPO Approaches Shifting Regulations With Dynamic Implications 

    Shifting cybersecurity and data privacy regulations across industries and regions challenge many companies to frequently update their practices to remain compliant, not only at their home base, but also in other countries where they conduct business. Renard Francois, General Electric’s global chief privacy officer, spoke with The Cybersecurity Law Report in advance of ALM’s cyberSecure conference on September 27-28, 2016, at the New York Hilton, where he will participate as a panelist. An event discount code is available to CSLR readers inside this article. In our interview, Francois discusses some of the key ways GE’s privacy team approaches modifying practices to stay up-to-date with global regulations, and ensuring all stakeholders are informed and working collaboratively across businesses and departments. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).

    Read Full Article …
  • From Vol. 2 No.15 (Jul. 20, 2016)

    Challenges Facing Chief Privacy Officers

    Constantly evolving data privacy laws and heightened cyber threats place a large burden on the shoulders of chief privacy officers (CPOs). At a recent PLI panel, Keith Enright, the legal director of privacy at Google; Lauren Shy, the CPO of Pepsico; and Zoe Strickland, the global CPO at JP Morgan Chase, shared their thoughts on some of the recent challenges facing CPOs, including how to work with different departments, the CPO’s role in incident prevention and response, and the pros and cons of different cross-border data transfer mechanisms. The panel was moderated by Lisa J. Sotto, a partner at Hunton & Williams. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer” Part One (May 6, 2015); Part Two (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    The Multifaceted Role of In-House Counsel in Cybersecurity 

    To effectively advise corporations on cybersecurity issues, in-house counsel must navigate myriad issues that can vary across industries, state and international jurisdictions as well as privacy and information security contexts.  A recent PLI program brought together privacy and information security counsel from various industries to share insights on the role of in-house counsel charged with securing business-critical and confidential data and technology.  They discussed the different responsibilities for data privacy and cybersecurity professionals, international data privacy and protection laws, and offered strategies for in-house counsel to prevent internal cybersecurity threats, develop breach prevention and response policies and handle vendors.  The panel was moderated by Lori E. Lesser, a partner at Simpson Thacher, and included top practitioners Rick Borden, chief privacy officer at the Depository Trust & Clearing Corporation; Nur-ul-Haq, U.S. privacy counsel at NBCUniversal Media; Michelle Ifill, senior vice president at Verizon and general counsel of Verizon Corporate Services; and Michelle Perez, assistant general counsel of privacy for Interpublic Group.  See “Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015); and Part Two, Vol. 1, No. 9 (Jul. 29, 2015).

    Read Full Article …
  • From Vol. 1 No.4 (May 20, 2015)

    Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part Two of Two)

    With the dynamic nature of privacy concerns – caused by changing legal requirements, growing data collections and evolving technology – top privacy officers must manage a shifting realm with proactive communication, effective reporting lines and operational structures to ensure accurate implementation of privacy policies and protocols.  Experts agree that it is optimal to have both a Chief Cybersecurity Officer or Chief Information Security Officer (CISO) and a separate Chief Privacy Officer (CPO).  Some confuse these positions, thinking “that the security person should know all things privacy and the privacy person should know all things security and that is clearly not the case,” Michael Overly, a partner at Foley & Lardner told The Cybersecurity Law Report.  In this two-part article series, we define and distinguish the roles of CPO and CISO.  This article, the second of the series, focuses on the CPO, including core responsibilities, considerations for structuring reporting lines and hiring for the position.  The first article focused on the CISO.

    Read Full Article …
  • From Vol. 1 No.3 (May 6, 2015)

    Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)

    Growing cybersecurity demands on companies require effective reporting lines and operational structures to manage cybersecurity-related job functions.  Experts agree that it is optimal to have both a Chief Cybersecurity Officer or Chief Information Security Officer (CISO) and a separate Chief Privacy Officer (CPO).  Some companies confuse these positions, thinking “that the security person should know all things privacy and the privacy person should know all things security, and that is clearly not the case,” Michael Overly, a partner at Foley & Lardner told The Cybersecurity Law Report.  In this two-part article series, we define and distinguish the roles of the CPO and CISO.  Part One focuses on the CISO – including core responsibilities, best practices for structuring reporting lines, and considerations when hiring for the position – and Part Two will focus on the CPO. 

    Read Full Article …