1

Global Privacy Policy:Privacy Climate Changes Ahead

Chairman’s Introduction

Stewart Dresner, Chief Executive

Thursday, August 23, 8am

The Privacy SymposiumThe Charles Hotel and Harvard Faculty Club

Cambridge, MA21 - 24 August 2007

2

3

4

5

6

Global: Where are the privacy laws?1. 27 EU member states

2. Other EEA countries eg. Norway, Iceland

3. Non-EEA “adequate” countries eg. Isle of Man, Guernsey, Switzerland, Canada, Argentina

4. Other countries for a future possible “adequacy” declaration eg. Australia, Dubai, Hong Kong, Israel, New Zealand

5. Other countries with different types of laws eg.

USA, Taiwan and Russia

7

Warning! In the news1. Towers Perrin Is Hit by Laptop Theft

(Wall Street Journal, January 9th 2007)

2. UK’s Nationwide Building Society fined £980,000 by the FSA for lapses in data security procedures (14th February 2007)

3. Zeppelin (maker of Spain’s Big Brother TV programme) fined more than 1 million Euros (confirmed by Supreme Court, April)

8

1. Privacy Climate Changes AheadMore countries with DP laws in the

legislative process• China• India• South Africa• Latin America

9

2. Privacy Climate Changes AheadA human right by non-democratic means• Privacy a human right in the Universal

Declaration and European Convention on Human Rights

• But some countries with DP laws are not democracies. Why do they bother?

• Commercial value in having a DP law• A non-democratic ruler can adopt a new

law quickly

10

3. Privacy Climate Changes AheadPenalties getting stronger• USA• Spain• France• Czech Republic• United Kingdom?

11

4. Privacy Climate Changes AheadPrivacy regulators’ inspections and

audits more methodical, coordinated• Netherlands - consensual audit framework• Spain - investigates every complaint• France - visits without warning• UK - consent based and agree scope in

advance – but also part of enforcement• Coordinated Europe-wide audits

12

5. Privacy Climate Changes AheadMore cooperation between DPAs and

other regulators• Italy – Garante and Financial Police• UK – ICO and the Financial Services

Authority• Sweden – Data Inspection Board, the

Post & Telecommunications Agency, and the Consumer Ombudsman

13

6. Privacy Climate Changes AheadFocus in the organisation moving up• Traditionally a middle management role

with HR and/or marketing focus• Now attention moving up (HP in USA and

UK finance sector)• Media coverage of others is useful tool• Huge salaries in affected firms in USA

show that privacy becoming strategic issue

14

7. Privacy Climate Changes AheadMore access laws and transparency• Privacy advocates • Consumers• DPAs increasing transparency

– Spain’s DP Agency’s audit reports on website– UK ICO has now published names of two audited

organisations– France’s CNIL makes companies pay to advertise

15

8. Privacy Climate Changes AheadWhat is ahead?1. DPA’s to become more interventionist2. Companies increasingly to see privacy as

component of reputation3. Search for technological solutions to

continue 4. Companies will want

recognition/accreditation for their privacy efforts eg. European Privacy Seal award to Microsoft

16

8. Privacy Climate Changes AheadWhat is ahead? (continued)

5. Privacy laws to provide an increasingly common basis for companies’ initiatives

6. DPAs to broaden scope7. Consumers willing to pay a privacy

premium8. Consumers less willing to deal with those

they don’t trust

17

Develop the ideal CPO skills set (1)Diverse skills for CPO and privacy managers to manage privacy laws compliance programs 1. Constantly refresh your knowledge2. Credibility, determination, commitment3. Persuasive powers and diplomatic skills4. Accessibility5. Flair for publicity

18

Develop the ideal CPO skills set (2)6. Ability to build on your organization’s core

values7. Willingness to work with prevailing

management processes8. Lead strategic thinking among top

management on privacy as a competitive advantage.

9. Credible DP audits show compliance10. How best to show privacy gains impact

your organisation?

19

Contact details

Stewart Dresner, Chief Executive,

Privacy Laws & Business2nd floor, Monument House, 215, Marsh Road

Pinner, Middlesex, HA5 5NE, United KingdomTel: + 44 208 868 9200 Fax: + 44 208 868 5215

E-mail stewart@privacylaws.com

www.privacylaws.com