Greetings from Portsmouth, NH!
I write to you on this Friday the 13th after yet another crazy week in privacy news. Of course, much of the media’s focus this week has been on the two-day testimony by Facebook CEO Mark Zuckerberg on Capitol Hill. On day one, our own Angelique Carson was on hand to document the super long lines and the relevant takeaways for privacy pros. If you need to catch up, be sure to check it out.Â
Over the years, I’ve covered dozens of congressional hearings, and for anyone familiar with the general protocol, witnesses present their opening statement for five minutes, then each lawmaker has five minutes to ask questions, make statements, or, in some cases, rant. It’s a system that’s worked fairly well over the years, but what’s becoming clear, particularly this week during the Zuckerberg hearings, is that five minutes is not enough time to glean a more in-depth and relevant line of questioning. The digital ecosystem is complex. Understanding it and getting witnesses to discuss it at length, with nuance, isÂ becoming more and more difficult. No doubt, there will be many more hearings in the coming months and years that will tackle the digital ecosystem and privacy. This old way of questioning witnesses may need reprogramming.Â
Hopefully lawmakers will get together and form more comprehensive lines of questioning for witnesses, while also getting more savvy on technology. We’re seeing some taking on fellowsÂ who are well versed in privacy, information security and technology. The TechCongress Fellowship is playing an important role here. I recently had the chance to meet Sen. Rand Paul’s fellow, James Gimbi, at a Future of Privacy Forum event in Washington. He has extensive experience working on cybersecurity issues while at Mandiant and FireEye. Chris Soghoian, who has long been known for his firebrandÂ style of privacy advocacy, was a 2017 fellow and now works full time for Sen. Ron Wyden, D-Ore. And not to be left out, in 2016, long-time IAPP member JC Cannon, who wrote the IAPP publication Privacy in Technology: Standards and Practices for Engineers and Security and IT Professionals, was part of the inaugural batch of fellows. I hope this fellowship continues to grow and thrive so that our lawmakers can better grasp the complexity and nuance of the digital ecosystem.Â
Speaking of cybersecurity and technology, I’m heading to San Francisco this weekend to attend the RSA security conference next week. The IAPP is excited to offer a half-day track Monday, featuring some seriously talented privacy pros. Our goal is to speak to the security community on behalf of the privacy community, particularly in light of the EU General Data Protection Regulation. We want to show that the GDPR is not just a privacy regulation, that it also involves security compliance and that privacy pros can help operationalize it. We hope this will help build upon a discussion that privacy pros and security pros should be having with each other, to work together to implement and operationalize this complex regulation. If you’re in the area, drop me an email and let’s chat!
In the meantime, have a great weekend.Â