Chief Privacy Officers, Marcus Morissette and the privacy function at eBay reside in the legal department, reporting up to the General Counsel. A large number of CPOs themselves are lawyers or other legal professionals who are charged with understanding and complying with regulatory requirements as to how personal information for consumers can be collected, used, retained, erased or destroyed.
In most instances, however, legal officers are often not attuned with the investments and technologies that are needed to automate and operationalize how consumer data needs to be managed, said Morissette. While there are some companies and CPOs that have successfully bridged this technology gap, most others continue to struggle.
"A lot of what needs to be done with privacy and getting ready for the GDPR (the General Data Protection Regulation) is highly technology focused. Most privacy challenges, and solutions, have people, process, and technology components. Most privacy teams are, and legal departments are not, generally prepared to address the technology component of initiatives, in terms of technology and program management skills, and (most significantly) budget," said Morissette, who will be sharing his insights on data privacy and GDPR requirements at HMG Strategy's 2017 Seattle CIO Executive Leadership Summit
on October 31.
"When a CPO engages with product and technology teams to develop/implement privacy technologies, they may find themselves competing with 20 other high priority projects that are already in those team's plans," Morissette added. "CPOs need to be strongly aligned not only with the Chief Security Officer but also with the CTO and the CIO. The CPO should understand the CIO's world and the CIO should understand the regulatory world."
-Marcus Morissette will be presenting at the 2017 Seattle CIO Executive Leadership Summit
. To learn more about the summit, including speakers and topics that will be explored, click here