Effective CPOs Must Justify Their RolesA Conversation with IBM's First Chief Privacy Officer
Chief privacy officers, to be effective, must justify their roles within their organizations.
"The first place to start is figuring out how does my organization use data, and use data about people," says Harriet Pearson, who served as IBM's first chief privacy officer. "If I understand really well where the data is, what it's been used for, then I can figure out as a privacy leader how I can contribute to my organization and to privacy."
Pearson, now a private practice attorney specializing in IT privacy and security law, characterizes information privacy as a very dynamic area. "Every day, you read about an issue or a new law, and you really need to be able to look around corners."
As part of ISMG's series of Careers interviews with leading practitioners and thought-leaders in information security, privacy and risk management, Pearson discusses:
- How a project she worked on as a public policy expert regarding data privacy at IBM in the early days of the Internet led to her job as the first chief privacy officer at a major American corporation. "I was asked to develop a strategy for what a leadership company's approach should be on privacy. And, the rest, as they say, is history."
- Why privacy professionals should engage in extra-curricular activities, such as association membership, to advance their careers. "To call them extracurriculars is actually diminishing the importance of them because, I think, they're vital to being a well-rounded professional. It's hard, particularly in a dynamic area such as this, to maintain currency, to really understand what is going on unless you have a network that helps you make sense of the environment."
- Why it's important for privacy attorneys to publish their ideas in articles, Web postings and other media. "It's really a matter of being a professional in this field. Writing about the areas in which you practice is an important way to stay current and be able to engage others in conversations about concrete issues."
Before joining the law firm Hogan Lovells in 2012, where she's a partner in its Washington office, Pearson worked at IBM for 19 years, most recently as vice president, security counsel and chief privacy officer, leading global initiatives in public policy, cybersecurity and data privacy. From 2007 to 2010, Pearson also taught a graduate seminar on security, privacy and trust at Georgetown University.