Jeff Northrop CISSP, CIPP/US, CIPP/IT, IAPP, Director
As a Director at the IAPP I have a unique perspective into the rapid growth of privacy and what it will mean to IT security professionals in the near future. In this presentation I will discuss the gray line between the information security profession and a privacy profession, the current state of privacy laws and regulations around the world, and how the IT security professional should integrate these into business decision as well as policy and software development.
It took more than a decade of highly publicized data breaches and break-ins for lawmakers and regulators to enact reforms, but once enacted the nation's board rooms to began to pay attention to information security in their organizations. A similar shift is occurring with privacy issues, and this time it won't take a decade to gain prominence.
And, for better or worse, without a clear definition of what "privacy" means in the US, the IT department is often leaned on to manage this issue. An understanding of privacy laws, regulations and best practices, as well as knowing how to integrate that information into policies and development life-cycles, is an important tool for an IT professional. With that knowledge he becomes a critical asset contributing to the long-term success and competitiveness of an organization.