Data Protection Officer Role Will Be Key If You Operate in the E.U.
CIO - Organizations that operate in the European Union (E.U.) may soon be searching for candidates for a new role mandated by law: the Data Protection Officer (DPO). As currently described by the proposed legislation, the DPO role would require a seasoned professional with credentials in the security trenches, reporting directly to the board of directors. With the potential for a land grab of qualified candidates, organizations may want to begin defining their needs now.
"The CEOs, or whoever's running this business, are going to be responsible for hiring people that can communicate," says Patrick Clawson, a veteran of the security industry and chairman and CEO of Lumension Security, a specialist in endpoint management and security. "There are a ton of very smart people who get IT security, but they don't have the ability to make it viral among the employee base. They have to be passionate about credentials and be good communicators that can work with the people in the business and the executive team. This isn't a role for someone right out of college."
Many of the qualified candidates will come out of large consultancies like Capgemini and IBM, Clawson says, noting that organizations will want to make sure they have a seasoned professional because the proposed legislation would have serious teeth. The European Commission (E.C.), which published a first draft of the new data protection legislative package in January, has proposed hefty fines for non-compliance. A provision would allow national supervisory authorities to send a warning letter for first offenses, but serious violations (like processing sensitive data without an individual's consent) would allow those supervisory authorities to impose penalties of up to A'AA!1 million or up to 2 percent of a company's global annual turnover.
"To be fair, if you're going to put something in place, if there aren't teeth it won't happen," Clawson says. "The most successful U.S. legislation like HIPAA and PCI have big hairy teeth."
The E.C.'s proposed legislative package is intended to both harmonize the data protection laws across the E.U. member states and update them to address the new technological reality (like cloud computing). Currently, data protection in the E.U. falls under the Data Protection Directive, adopted by the E.C. in 1995. As a directive, it provided a list of issues the E.U. member states should address with their own legislation. That left each of the 27 E.U. member states to implement their own varying versions of data protection laws. The new legislation would replace those laws with a single set of rules that would govern data protection across the E.U.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Armed and Dangerous: Help your IT Organization Embrace Enterprise Mobility
- Becoming a mobile enterprise means new opportunities for your organization yet letting employees choose their own devices and then access corporate resources, apps,... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government View this IBM webinar to learn about the challenges and opportunities in fraud reduction, waste, and abuse in government programs and agencies. You...
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.