A privacy officer at a global company found a way to collaborate efficiently at a top level, while ensuring the protection of company assets, reports Greg Masters.
Kristen Knight's work as senior privacy officer at Philips Electronics North America provides significant challenges in an ever-evolving environment – both with regard to innovation and regulation. A good deal of her time is spent figuring out how best to meet the international privacy requirements that impact the company's business and its customers.
Headquartered in the Netherlands, Philips employs more than 120,000 people with sales and services in more than 100 countries worldwide. With sales of $29.2 billion in 2010, the company is a market leader in electronic devices for medical and home health care, lighting and portable entertainment.
Keeping data flowing among an international workforce and its customers raises a number of logistical challenges, but the top priority for Knight these days centers around privacy issues. She uses both internal and external resources to keep a finger on the pulse of changes in the privacy realm and how those changes may affect Philips' business and its customers.
Cloud computing, for one, has become a top challenge because of European restrictions on the use of cloud service providers and how to juxtapose those with increased globalization of data-processing activities. There's no doubt that enterprises are migrating a good deal of their network operations to the cloud, recognizing the potential in cost savings and the convenience it offers in linking employees scattered everywhere around the globe. But, while the momentum is certainly in its favor, for those attuned to the security risks involved, cloud implementations raise a number of new alarms regarding privacy and compliance.
With social media, the challenge has been to find the the right balance to enable appropriate use while balancing that with privacy concerns.
Of course, the use of mobile devices and apps in the workplace has risen as a security concern. The challenge here, she says, is to take advantage of these technologies, but remain in compliance with data protection requirements.
As a global company, Knight (left) says Philips must grapple with multinational issues, such as the delivery of service issues and varying compliance issues across borders.
Too, as far as compliance, she says there is a continual need to re-evaluate HIPAA. For her, this process starts by focusing on technical and security controls, but now this regulation must accommodate a complex set of issues as the industry is looking at things like de-identification and what is personal and what is not.
"In other words, you can't dump data all in the same bucket, whether it's health care information or not," she says. "We are watching key things, including FTC and federal and state consumer protection decisions that will be key to our approach," she says.
But, keeping tabs on all the restrictions, laws, regulations and industry best practices governing data protection, especially internationally, can be a daunting task. "We are all extremely busy these day just trying to keep up with ever-shifting privacy compliance environment, and our own, personal time constraints," she says.
The power of collaboration in addressing these issues cannot be emphasized enough, she says. "No one privacy officer can get to all the information they need. So targeted, focused collaboration has become a key component of being successful."