What Is a Privacy Officer?
A privacy officer is the person(s) responsible for how a company or organization collects, maintains, discloses, shares and destroys the private information of clients, customers and employees. Generally, the privacy officer is a key member of the management team.
Legal Knowledge
At a minimum, a privacy officer must have a fundamental understanding of the laws, rules and regulations governing information privacy, data security and data-breach disclosures. The privacy officer uses this knowledge to ensure that the company or organization is in compliance with the law.
Technical Understanding
With society's increasing ease in sharing information via online social networks such as Twitter, and the continued advancement of data collection and storage technologies such as cloud computing, a privacy officer must have a technical understanding of how this software and these technologies affect privacy, and whether they help or hinder the fundamental goal of protecting personal information.
Privacy Policies and Standards
A fundamental duty of a privacy officer is the creation of a privacy policy or set of privacy standards that will be implemented throughout the company. Implicit in this duty is the responsibility of the privacy officer to educate, motivate and train staff on the best privacy practices, as well as on what disciplinary actions may result from non-compliance.
Privacy Police
The privacy officer is responsible for monitoring compliance with privacy policies and providing timely reports to responsible authorities. Additionally, the privacy officer is responsible for responding to and investigating client privacy complaints and reported violations of privacy policies and non-compliance with privacy laws.
Information Governance
According to the International Association of Privacy Professionals, the role of a privacy officer is evolving to increase their focus on information governance. Information governance stresses proactive steps to privacy protection. For example, good information governance would involve inventorying data to find where sensitive data exists, rather than reacting once a breach has occurred.