Talking Compliance at IAPP Privacy Academy 2012

Post Date: 10/16/2012
feature image
​Last week, I had the privilege of representing AvePoint at the Privacy Academy hosted annually by the International Association of Privacy Professionals (IAPP). The conference was held in San Jose, CA, and AvePoint was a proud Silver Sponsor. I presented a session entitled “Implementing a Universal Translator: Automation at the Intersection of Policy and Practice”. This session focused on using technology to create a common interface that would enable organization wide compliance programs and communication between key constituents: compliance officers, company executives, and IT. The Academy’s keynote was given by John Perry Barlow of the Electronic Frontier Foundation. Mr. Barlow spoke of the “digital slime trail we leave online versus the right to be anonymous”. Conference themes, including privacy concerns, have been at the top of the minds of regulators, companies, government agencies, and individuals. Attendees included privacy practitioners and security specialists from around the world who converged on the Academy to learn about trends and to share best practices across industries, including cloud computing, financial services, global and legal developments, governance and accountability, healthcare, information security, marketing, mobile and location-based services, online privacy, and much more. One of the core themes of the conference was the ongoing, delicate balance between privacy and open collaboration in an increasingly interconnected world. Technology and digital communications allow companies, government agencies, and individuals unprecedented access to large volumes of data and information. With these enhanced capabilities comes a greater responsibility and new and growing regulatory requirements. This regulatory landscape is changing at a rapid rate. Stories about privacy breaches, identity theft, and cyber terrorism appear almost nightly on the news. Thus the job of privacy and information security professionals is becoming more and more critical. This role includes data protection, which covers the right of individuals to have and maintain personal privacy. Also noteworthy were two more of the main themes that were weaved throughout all of the discussions: the increasing pressures on organizations to do more with less and the need to empower employees, business associates, and individuals through the use of the latest and greatest technologies. We discussed how companies require increasingly larger market data about consumers’ behavior and their online activities. These data sets need a deeper granularity in order to feed predictive models, forecasts, and other processes throughout the day. Attendees were presented with new concerns as well. While there are needs to use more market data, there are also new compliance requirements that are placing a greater emphasis on governance and risk reporting, driving the need for deeper and more transparent analyses across global organizations. Enterprise collaboration systems, social media, big data, mobile devices, and the cloud are great for innovation, free thinking, and creativity. However, they can become a compliance headache as well. It is my belief that a successful compliance program must weave together a number of stakeholders, including but not limited to compliance officers, company executives, and the IT department. One of the challenges that I discussed in my presentation was the fact that many factors go into the determination of an organization’s privacy and information assurance program, including statutory and regulatory requirements, company or organizational best practices, and market demands. In a perfect world and as a function of best practices, each and every IT deployment should be accompanied by a governance and compliance strategy along with a plan for technical, practical, and strategic implementation and monitoring of that plan. Sadly, this does not always happen. Core components of these programs must include people, policy, process, training, and technical enforcement. Controls and oversight must be implemented for users, systems, and the content within them. At the IAPP Privacy Academy, AvePoint introduced an innovative approach to addressing these cross-organizational objectives with AvePoint Compliance Guardian 3.0. Compliance Guardian bridges the gap between compliance, IT, and the business to begin and maintain a constructive, productive, and compliant environment. It does this through a multi-step approach to compliance, which includes content scanning, tagging, classification, and action (protection). Compliance Guardian can be invoked as part of a real-time compliance risk assessment and risk management system, and also used as part of an ongoing audit program, allowing organizations to gain critical, actionable information to continuously improve their compliance posture. Feedback from the system can be used to not only provide insight for compliance officers, C-level executives, and IT administrators, but also to inform educational programs and training initiatives and to improve and evolve processes and programs. Combined with AvePoint’s extended Compliance Solutions, organizations can gain a truly detailed analysis of sensitive content within their environments along with the entire context around that information to conduct real-time threat assessments and mitigate the likelihood of a breach or data leak. Through spending time with conference attendees, I was able to meet people tackling the challenges described in this post on daily basis. The conversations allowed for discussions related to how our compliance platform can address a wide variety of their program’s demands. I look forward to our ongoing collaboration with privacy, security, and compliance colleagues around the world. There has never been as important a time to be more vigilant and innovative in balancing privacy and data protection than in the face of the data and communication explosion we are experiencing on an increasing trajectory every day.

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all post by Dana S.

Subscribe to our blog