Larry Ponemon, head of the Ponemon Institute, agreed. “The biggest source of demand for privacy advisory services will be helping to navigate regulations.”
The lingering effects of the war on terror caught the attention of Ed McNicholas, head of the privacy practice at Sidley Austin. "The privacy impacts of antiterrorism programs — and the potential liability of corporate America for such programs — will continue to be a predominant issue for years to come," he said. But others also see trends in the marketplace posing new challenges to corporate privacy programs.
“I think more companies will start to realize over the next couple of years that legal compliance alone won't be enough to retain their customers' trust,” said Richard Purcell, head of Corporate Privacy Group.
“I anticipate a significant upsurge in companies embracing new media technologies,” said Justine Gottshall of Wildman Harrold, “and needing to address the privacy, security and related compliance issues that are inherent in utilizing new media to its fullest potential.”
Stu Ingis of Venable agreed. "New media advertising is beginning to become mainstream, and household brands will race to understand how to utilize these services while staying within legal and self-regulatory accepted practices."
“As wireless applications continue to develop and technologies further converge, new questions will arise about protecting privacy in a wireless world,” added Alisa Bergman of Venable.
With stepped-up legal enforcement, more visibility on corporate-to-government data sharing, and new technologies impacting privacy, Rena Mears, head of Deloitte's privacy practice, sees “a growing need for integrated solutions incorporating risk identification, governance, operational controls and technologies.” What will these solutions look like?
Jim Koenig, co-leader of PwC’s privacy practice, thinks major organizational changes are part of the solution. "We see a trend where CPOs and chief compliance officers are working together to build privacy, security and identity theft prevention into larger, integrated, global risk-management frameworks."
So. if you're one of the companies I contacted for the survey that didn't have someone in charge of privacy, you may be playing catch-up in 2008.
Jay Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.
Popular privacy-law practices
For the second year, corporate privacy professionals said Hunton & Williams was their top choice among law firms with privacy practices. Many of the top vote-getters have bolstered their incident-response and international-compliance practice areas since 2006.
|
Firms |
Voting Tier* |
Privacy FTEs on Staff** |
Key Practice Areas*** |
|
Hunton & Williams |
I |
24 |
• Global data protection • Information security and incident response • Financial, health and workplace |
|
Venable |
I |
10 |
• Incident response, audits, compliance • Legislation, investigations and litigation • International data protection |
|
Baker & McKenzie |
I |
60 |
• Global compliance and data transfers • Offshoring, outsourcing and third party • Direct marketing, e-commerce and technology |
|
Wiley Rein |
II |
5 |
• Health care and financial services • Overall privacy assessments • Privacy investigations and litigation |
|
Privacy & Information Management Services |
II |
2 |
• International data protection • Targeted marketing • Privacy assessments and incident response |
|
Morrison & Foerster |
II |
20 |
• Privacy and data security advice • Technology and sourcing transactions • Litigation and dispute resolution |
|
Field Fisher Waterhouse |
III |
8 |
• Global privacy compliance • EU data protection and security • Binding corporate rules |
|
Covington & Burling |
III |
15 |
• Global compliance audits • Security legislation and incident response • New media and online advertising |
|
WilmerHale |
III |
7 |
• International compliance • FTC and U.S. state compliance • HIPAA, GLB and COPPA compliance |
|
Sidley Austin |
III |
21 |
• Data breach and information security • Global data protection audits • Workplace, sectoral and national security |
|
Faegre & Benson |
III |
12 |
• Global compliance and data transfers • E-commerce and direct marketing • Financial, health care and employee |
|
Cabinet Gelly |
III |
1 |
• European and French data protection • International data transfers • HRM and CRM system compliance |
|
Hogan & Hartson |
III |
25 |
• Privacy and security audits • International compliance • Financial and health care |
|
Wildman Harrold |
III |
13 |
• New media and marketing • Compliance assessments and implementation • Breach prevention, response and litigation |
Based on 393 responses to the question, "Which law firm has the best privacy practice?"
*Voting Tier I = over 10% of votes cast; Tier II = 5% to 10%; Tier III = 1% to 4%.
**Firms estimated their full-time equivalents working on privacy and provided links to staff bios to corroborate.
***Firms volunteered their key practice areas.
Top privacy audit and consulting firms
The Big 4 audit firms topped the nonlaw firm list for the second year, although Booz Allen and several smaller firms newly joined the rankings. Privacy-compliance and privacy-program creation were commonly cited practice areas in this group.
|
Firms |
Voting Tier* |
CIPPs on Staff** |
Key Practice Areas*** |
|
Ernst & Young |
I |
36 |
• Regulatory compliance and risk assessment • Vendor risk management • Privacy audits and assessments |
|
Deloitte & Touche |
I |
54 |
• Global strategies and programs • Governance, operations and technology implementation • Audit, compliance and incident response |
|
PricewaterhouseCoopers |
I |
25 |
• Global regulatory compliance • Information security and risk management • Privacy program development |
|
KPMG |
II |
22 |
• Global privacy strategies and programs • Audit, compliance and incident response • Vendor risk management |
|
Booz Allen Hamilton |
II |
22 |
• Global privacy strategies and programs • Incident response and risk management • Privacy operationalization and compliance |
|
Samet Privacy |
III |
2 |
• Assessments, audits, policies and training • Web, technology and new media • COPPA, Truste, Safe Harbor |
|
Rebecca Herold |
III |
1 |
• Privacy and compliance programs and education • Information security programs and education • Vendor risk management |
|
Privacy Ready |
III |
1 |
• Privacy strategies and programs • Issue prevention and management • Product privacy impact assessments |
|
Corporate Privacy Group |
III |
1 |
• Privacy strategies and programs • Education for PII management • Compliance planning and oversight |
Based on 203 responses to the question, "Among consulting and audit firms, which one has the best privacy practice?"
*Voting Tier I = over 10% of votes cast; Tier II = 5% to 10%; Tier III = 1% to 4%.
**Firms reported the number of Certified Information Privacy Professionals as recorded by the International Association of Privacy Professionals.
***Firms volunteered their key practice areas.
****Votes for Minnesota Privacy Consultants were excluded.
Top 25 privacy experts
Privacy attorneys dominated this first-time poll, although a number of CPOs and consultants dotted the list.
|
Privacy Experts |
Voting Tier* |
Firm |
|
Lisa Sotto |
I |
Hunton & Williams |
|
Kirk Nahra |
II |
Wiley Rein |
|
Chris Kuner |
II |
Hunton & Williams |
|
Alisa Bergman |
II |
Venable |
|
Peggy Eisenhauer |
III |
Privacy & Information Management Services |
|
Stu Ingis |
III |
Venable |
|
Brian Hengesbaugh |
III |
Baker & McKenzie |
|
Marty Abrams |
III |
Hunton & Williams |
|
Fred Cate |
III |
Indiana University |
|
Ruth Bro |
III |
Baker & McKenzie |
|
Becky Burr |
III |
WilmerHale |
|
Shai Samet |
III |
Samet Privacy |
|
Rebecca Herold |
III |
Rebecca Herold |
|
Jeff Nicol |
III |
Privacy Ready |
|
Maureen Cooney |
III |
Hunton & Williams |
|
Bridget Treacy |
III |
Hunton & Williams |
|
Eduardo Ustaran |
III |
Field Fisher Waterhouse |
|
Pascale Gelly |
III |
Cabinet Gelly |
|
Anna Gamvros |
III |
Baker & McKenzie |
|
Emilio Cividanes |
III |
Venable |
|
Larry Ponemon |
III |
Ponemon Institute |
|
Miriam Wugmeister |
III |
Morrison & Foerster |
|
Ed McNicholas |
III |
Sidley Austin |
|
Richard Purcell |
III |
Corporate Privacy Group |
|
Dan Swartwood |
III |
Motorola |
Based on 421 responses to the question, "Which individual person would you say is the No. 1 privacy expert?"
*Voting Tier I = over 10% of votes cast; Tier II = 5% to 10%; Tier III = 1% to 4%.