DeMaree sees "many more data security breaches" on the horizon generating support for a federal breach-notification law.
Later in 2005, Peggy Eisenhauer became the first privacy entrepreneur south of the Mason-Dixon Line. After starting the privacy practice at law firm Hunton & Williams, Eisenhauer was itching for a new challenge. So she created Privacy & Information Management Services, a boutique law firm focusing on privacy, security and records management.
"I started PIMS because I wanted more flexibility to serve my global privacy clients," she told me. "Being a small firm enables me to have relationships with many larger partners so that I can always have the expertise needed by my clients."
Although assisting firms with their response to security breaches has become a surprising share of her work, Eisenhauer sees more purely privacy work on the horizon. "Over the next two years, I expect to see continued developments in privacy laws, both in the U.S. and abroad," she said.
Last summer, Shai Samet became the latest privacy guru to throw his hat into the ring when he formed Los Angeles-based Samet Privacy LLC. Samet was seeing a convergence of three trends — broadband Internet access, centralization of data processing and security-breach notification laws — creating a business opportunity.
"We've gotten off to a faster start than expected," said Samet, who's in hiring mode. "Companies have really taken an interest in working with smaller firms that they know and trust."
Like his peers, he helps companies develop all facets of a privacy program. His niche is a focus on Children's Online Privacy Protection Act (COPPA) compliance, the Southern California market and helping companies implement privacy-related technology products offered by others such as Truste. He's also added the related field of records management to his portfolio.
What are Samet's words of advice for new practitioners?
"Be patient," he told me. "There's a lot of privacy work out there, and sometimes, it just takes time before a company is ready to pull the trigger. Persistence and timing are key in the sales process."
And how can organizations best tap the value of this reserve pool of privacy talent?
Herold perhaps put it best: "Be completely open with them," she said. "They'll turn on a dime, faster and more affordable than any large organization, to learn your business and give you value."
"But let them know as soon as possible if the project may not continue," she added. "If they turn down other jobs to work for you, they'll take a big financial hit."
| Privacy Entrepreneurs in North America These privacy pioneers are taking a chance that corporate chief privacy officers will seek more bang for the buck working with smaller, more specialized firms. |
||||
| Privacy firm | Location | Year founded | No. of employees | Geographic or functional focus |
| Ponemon Institute LLC | Upper Michigan | 2001 | 7 | Advancing responsible information management; privacy research and verification |
| Nymity Inc. | Toronto | 2002 | 6 & hiring | Web-based privacy support |
| Corporate Privacy Group, a division of Three Forts LLC | Seattle area | 2003 | 2 | Employee awareness and training on privacy; strategic planning for privacy |
| Chapell & Associates LLC | New York | 2003 | 4 | Privacy program development, with a focus on interactive and technology organizations |
| Rebecca Herold LLC | Des Moines | 2004 | 1 | Privacy and security program development and troubleshooting; third-party assessment |
| DeMaree Consulting Inc | Colorado Springs | 2005 | 2 | Privacy program development, with a focus on the retail industry |
| Privacy and Information Management Services LLP | Atlanta | 2005 | 2 | All legal matters related to information management |
| Samet Privacy LLC | Los Angeles | 2006 | 3 contractors & hiring | Privacy program development, with a focus on children's privacy and Southern California |
Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.