How the Privacy Landscape is Creating In-Demand Jobs

April 20, 2015

By KimAnh Tran, Associate Legal Counsel, CIPP/US, Contributor

High profile breaches seem to arise almost weekly across all industries and verticals, making privacy and security top-of-mind for organizations large and small. Fear has proven to be a strong motivator for many organizations, as an expensive remediation process, a regulatory audit and a public relations disaster looms with any breach. Predictably, companies are reacting by trying to clean up their own privacy practices company-wide. This objective, though admirable, is not easily accomplished, and typically requires the skills of experienced privacy professionals.

Privacy management as an industry is still relatively young and consequently, privacy veterans are few and far between. However, more and more job descriptions express a need for seasoned privacy professionals with experience in tracking and understanding privacy regulations and best practices, and applying such knowledge in a variety of different roles and functions.

Though official titles may vary, there are several roles and functions that seem to be in-demand in the privacy space. The qualifications for each may differ depending on company size, the company’s industry and need for privacy support. However, a CIPP certification through the International Association of Privacy Professional may indicate a certain level of credibility and dedication to privacy in the eyes of a hiring manager.

Read more “How the Privacy Landscape is Creating In-Demand Jobs”

EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)

April 02, 2015

By Shreya Vora, Esq., CIPP/US

Educational technology is really taking off. Kids today use tablets and computers at school, learning apps and a bevy of other online tools. When building products for the education technology sector, all business owners need to consider privacy – everyone from budding entrepreneurs to established companies to large multi-national corporations.  When your technology is aimed at kids there are laws as well as best practices to follow in order to mitigate risk and ensure consumer trust.

Understanding the legal landscape within which your technology is operating is essential to ensuring your company’s survival and success. Failure to comply can lead to hefty fines, the loss of business, reputational damage, and a media nightmare. Understanding the laws and best practices in your industry will empower you to design and update your technology with children’s privacy issues in mind. It goes without saying that given the speed of technological innovation, many of the applicable laws have necessitated (and continue to necessitate) reform to truly address the risks posed by education technology, as well as the data gathered about children through such technology (i.e. what can be done with metadata, data retention policies, use of information for advertising purposes — the list goes on). That said, for those working in this space, there are some key regulations to keep in mind (though this is by no means a comprehensive list).

Read more “EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)”

Using Privacy Engineering To Make Your Company More ‘Likeable’

March 31, 2015

By Alexandra Ross, The Privacy Guru

Last week I had the pleasure of speaking at the Privacy Innovations & Technology event, “Demystifying Privacy Engineering” hosted at the TRUSTe offices. In a lively session, we discussed the basics of Privacy by Design (PbD) and Privacy Engineering, including examples of how to implement Privacy Engineering, career opportunities as a privacy engineer, and how Privacy Engineering can be used as a competitive advantage.


At this year’s SXSW, Deepti Rohatgi, head of policy at Lookout, a cybersecurity company, encouraged developers to think about privacy as a product. Lookout, which offers an open source privacy policy generator, believes in the measurable impact of privacy engineering. Lookout recommended A/B testing of thoughtfully designed privacy policies and features, and encouraged the use of privacy engineering to increase customer trust and a company’s overall “likeability.”

Should this idea be revolutionary? Perhaps not, but it’s a departure from how many developers and tech executives regard privacy practices. The era of “bolt on” and stop-gap privacy patching is coming to an end. The stakes are high, as users are growing increasingly more aware of privacy issues.

Read more “Using Privacy Engineering To Make Your Company More ‘Likeable’”

The Upsides and Downsides of Private Messaging Apps

January 26, 2015

By Alexandra Ross, The Privacy Guru 

Have we reached the end of the “age of oversharing”? Private messaging apps are the fastest growing category of apps, according to mobile analytics firm Flurry. Recent stats show downloads of private social messaging apps increased 200 percent in 2013 over 2012.

From the basic urge to just “say Yo” or share a few emoji, to the distribution of self-destructing content to select audiences, the desire for greater control over privacy seems to be driving the private messaging boom.

The Guardian recently reviewed its picks for the 10 best messaging apps. (One omission from this list is Wickr, regarded as one of the most secure options.)

The allure of private messaging technology is undeniable. But there are upsides and downsides to these apps and tools.

Read more “The Upsides and Downsides of Private Messaging Apps”

Make Data Privacy & Security Your New Year’s Resolution

January 09, 2014

Heather M. Federman
Director of Public Policy, Online Trust Alliance

Make data privacy & security your 2014 resolution 

Join TRUSTe at the OTA’s Data Privacy Day Town Halls in NYC, Seattle and San Francisco & Save 20%

It’s no longer an “if” your company will become the target of a data breach; it’s just a matter of “when.”  From small nonprofits to Fortune 500 tech-savvy organizations, breaches and data loss incidents are becoming an unfortunate rite of passage. More and more businesses have found themselves exposed and ill prepared to manage the fallout.  In addition to the confusing (and conflicting) regulatory landscape, breaches can be quite expensive, with the average cost equaling $5.5 million. And while innovative defenses against privacy and security threats are introduced with each passing year, cybercriminals outpace those innovations with new and more malicious tactics.

As online trust is on the decline, 2014 needs to be the year of “Data & Privacy Stewardship.” This requires moving from minimal compliance to enhancing the protection of your company, your data and your customers. In order to do so, consider the following New Year “data resolutions”: Read more “Make Data Privacy & Security Your New Year’s Resolution”