Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
April 30 — The number of companies with data protection officers (DPOs), both in the U.S. and abroad, is growing due not only to statutory mandates but in recognition of the important role they can play in dealing with complex privacy issues, panelists said April 30.
DPOs working in tandem with chief privacy officers and chief information security officers will help provide more effective legal compliance and consumer privacy protections, particularly for large companies, panelists said at a session of the American Bar Association Section of International Law 2015 Spring Meeting.
Although DPOs aren't mandated by U.S. law, some countries do require them.
Germany has long required DPOs, Markus Baur, partner at the Ritterhaus law firm in Frankfurt, said. Given the increasing complexity of the privacy legal landscape, the role of the DPOs is more important, he said.
Jai Wook Lee, senior foreign counsel for the Seoul law firm Yulchon LLC, said that recent amendments to the country's data protection law made in response to massive credit card company data breaches require certain companies to appoint DPOs.
Demetrios Eleftherious, senior counsel of privacy and data security for data security and storage company EMC2 in Hopkinton, Mass., said the European Union's proposed data protection regulation would make DPOs a requirement for many companies operating in the bloc.
A provision of the proposed regulation would require companies that handle the personal information of 5,000 or more data subjects within a 12-month period to appoint a DPO, he said.
Having in-house privacy coverage rather than relying on outside privacy counsel is on the rise, Department of Homeland Security Chief Privacy Officer Karen Neuman said.
Fran Wiet, chief privacy officer for Takeda Pharmaceuticals U.S.A. in Deerfield, Ill., said that there may be an advantage to having someone covering privacy issues that is truly vested in the company because he or she is in-house. Of course the option makes more sense for larger companies that may be better able to afford it, she said.
Baur said that even though DPOs are required for many companies in Germany, a large number of those companies outsource the DPO function.
Eleftherious said companies may want to consider a hybrid scenario that keeps certain privacy functions in-house but sends others outside the company to professionals with particular expertise.
Sometimes contracts between companies and vendors may require that the other party have a privacy officer on board, he said.
Neuman said that even where a company elects to have in-house counsel, increasingly the person may be a privacy professional but not a lawyer.
The rise of certification programs in the U.S., such as those offered by the International Association of Privacy Professionals, has raised the confidence level in a new class of privacy and data security professionals, the panelists said.
Lee said that the privacy professional certification process in South Korea is still in the nascent stage in the wake of the legal amendments requiring DPOs.
Some of the motivation in moving away from lawyers to handle privacy matters may be in saving money, the panelists said, but there are important roles to play on privacy teams that have more to do with skill sets than legal training.
Certainly DPOs need to understand the legal parameters of privacy and data security, but the ability to build relationships and communicate both inside and outside the company are equally important, Wiet said.
To contact the reporter on this story: Donald G. Aplin in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)