Happy New Year! The Privacy Officer’s guide to 2017

Season’s Greetings, dear readers!  It is almost time to start winding down, take a break … and then before the champagne has entirely worn off no doubt you will be taking stock, and planning ahead.  (Well, OK, maybe after a few days of restful time at the beach or cricket first.)

What will 2017 bring for privacy professionals?

First, for those in need of some holiday reading over the break, may I suggest that you could:

• Refresh your memory of the year just gone with the 13 biggest privacy stories of 2016.

• Stimulate your brain with the Future of Privacy Forum’s ‘must-read’ privacy papers of 2016.

• Catch up on some of our influential blogs. If you trust the wisdom of the crowd, you might like the most-read Salinger Privacy blogs from 2016, which were Taking Leave Of My Census (yes, that’s the one that went viral after being re-published by Fairfax, which also caused the Salinger Privacy website to crash in all the excitement, oops), Unlocking Public Data, and Individuation.  And our blog from 2015 offering 17 examples of why we need a statutory cause of action also kept getting readership well into 2016.   But for a gripping thriller, I would also suggest our blog on data analytics – it’s a longer read than most, but as well as a better understanding of the privacy risks of data analytics, you will also get to learn about how my cat’s water-wasting habit makes me look like a slum landlord.  (It’s fascinating, I promise.  And bizarrely relevant.)

• Stuff your own stocking with Salinger Privacy eBooks on topics like Big Data, Workplace Surveillance, and our flowcharts guide to the NSW Disclosure rules.

So what lies ahead for privacy professionals in 2017?  I shall be so bold as to make some wild predictions:

• There will be new privacy challenges posed by drones and artificial intelligence. (Yes, the robots will be taking over.  Deal with it, cats.)

• GDPR-readiness testing will ramp up, as will the level of panic.

• Trump’s presidency will pose ethical dilemmas for Silicon Valley.

• Here in Australia we may finally get mandatory data breach notification (though don’t hold your breath).

• And yes, there will be more data breaches. Oh lord, there will be many, many more.

So what should be on your agenda?

Call it a work plan, call it a wish-list, call it what you like – but I would suggest that if Santa doesn’t bring you everything here, you might need to make these your 8 New Year’s Resolutions:

1. Show you care about the privacy of your customers by changing the social media ‘sharing’ buttons on your website to ‘do not track’ versions like these from Privacore.

2. Avoid a #censusfail – remind HR to implement privacy awareness training.

3. Review what data is being collected and used.  Check in with ICT to make sure you know about all their Big Data projects (buzzwords to look out for: Data Warehouse, data analytics, Business Intelligence, dashboard and reporting projects) – and then advise them on how to build-in privacy best practice.  But meanwhile don’t forget about records management for all the little comms like text messages.

4. Review what data is being disclosed without authority.  New laws like GDPR and the Victorian Protective Data Security Standards (as well as the Australian Government Information Security Manual and NSW equivalent guidelines) are going to ramp up the requirements to classify and label data in order to apply the right infosec controls.  Ask ICT about implementing tools like these from JanusNet.

5. Review what data is being publicly released.  Talk to your ICT & Comms people about de-identification and the risks of re-identification, and establish ethical review processes for research and other data analytics projects.

6. And while you’re talking to ICT, please remind them not to do dumb stuff like putting database backups on a publicly-facing website! This was the cause of the Red Cross data breach affecting more than 1M people in Australia, the Capgemini leak of Michael Page recruitment data, as well as the leak of more than 43,000 pathology reports in India.

7. Hope for the best, but also plan for the worst. Don’t wait for mandatory data breach notification laws – develop a data breach response plan now.  And check out Red Cross as an example of good customer communications in the wake of their data breach.

8. And finally: look after yourself too! Stay on top of your professional development.  If you haven’t already, join iappANZ.  And look out for our specialised training for privacy professionals.  We already offer face-to-face workshops on things like privacy risk management, but coming soon in 2017 will be our new online pay-per-view Privacy Professionals Training modules.  Yippee!

Our own New Year’s Resolutions?  Here at Salinger Privacy we really really do want to finish that guide to De-identification for Dummies Privacy People that we promised months ago and which is half-written, as well as the aforementioned new online training modules … but the beach also beckons …

All the best, dear readers, for a safe and happy holiday season for you and yours.  See you in 2017!

Cartoon designed for Salinger Privacy by (c) Unfold Design