Author: Rafael Moscatel, CIPM, CRM, IGP

Optics: Perception Becomes Reality

The following passage is an excerpt from the soon to be released book, Tomorrow’s Job’s Today, available from John Hunt Publishing in April 2021.

Optics: perception becomes reality

These days everybody wants to be perceived as a “thought leader” and “focused on strategy.” That’s a reasonable and legitimate goal. But strategy must be complemented by subject matter expertise, and too generalized of a strategy is frequently where our most painful productivity issues originate. Sooner or later, somebody has to roll up their sleeves, become the specialist, or take responsibility for coordinating a team’s collective thoughts into a coherent game plan. It’s no surprise that most generalists begin their careers as specialists.

It’s the substantive work that ultimately refines your capabilities and gives you the insight to lead big projects and teams. I’ll leave the specific number of hours required for expertise to Malcolm Gladwell. But the truth remains that the only way you gain experience is by taking on the dirty work and assuming ownership over both success and failure. What matters to management as much as the outcome is how you are perceived while responding to those challenges and how you carry yourself through the ups and downs. How you handle the blows matters more than how you take the bows.

We’re all aware that certain projects, those in which repetitive, mundane, administrative, or technical work is required, are avoided like the plague by line employees and management alike. It’s not as exciting as “What should we do next with this ridiculous budget or patented technology?!” When a project does happen to spark immediate interest and quickly garner executive support, once it moves past the planning stages, it too can begin to feel like nobody on the team wants to be bothered with the specific logistics. It ends up either a shell of itself, on the chopping block, or just the back burner. This is especially true in larger organizations where the majority of stakeholders are not incentivized to profit from the idea or initiative’s success directly.

Surprisingly, what can blossom from these hellish projects are new, bold leaders, since these are also opportunities for individuals willing to board the ship and chart the obstacle course. These are the champions in life and work who drive initiatives forward because they’re more interested in accomplishing something and learning new skills than getting (or stealing) the credit. They are playing a long game, and that’s how they outwit those who would short their own stock. Of course, we all know individuals who have been elevated by less ethical means and have gone on to lead companies, even governments! But there is no long-term professional value for lifetime purveyors of immediate gratification.

Modern knowledge workers expect to graduate into advanced roles and focus increasingly on delegation. Yet a strictly hands-off attitude ultimately results in us easily falling out of touch with basic business operations, over time making us seem unrelatable and aloof to our co-workers and customers. We naively assume technology or corporate bureaucracy will shoulder all the tedious processes we’re tasked with rather than striving to understand its impact on our businesses and identifying room for further efficiency.

Masses of employees, especially those basking in the spend-it-or-lose-it public sector, have grown comfortable with management throwing money at a problem or bringing in consultants to clean up a mess instead of tackling causation. As leaders and executives, we never want to take a step backward and be viewed as unwilling to trust and delegate. Yet there is much to be said for staying familiar with, remaining involved in, and practicing the discipline in which you claim to have expertise.

In this Information Age, we need to stay current with the problems our industry is facing, intimately, so that our ideas remain fresh, so we can retool and modernize the principles that have worked for us. Those principles and optics help get our teams to score on goal posts that always seem to be moving.

To sign up for our newsletter and latest updates on the book click here.

California Consumer Privacy Act – Free Webinar

Does your business know how to report a #databreach should it occur? Having a partner to help when facing the reporting responsibility could make all the difference when reporting to those affected and all regulatory entities. #dataprotection #dataprivacy #compliance

The Worst They Can Say Is No

If my 88-year-old mother ever had a LinkedIn profile, her headline would read something like “Former ingenue, entrepreneur, dreamer, and the rest is none of your business, my dear.” But to those who’ve had the privilege to know her over the decades, her mantra has always been, quite emphatically, to treat everybody with dignity. That was one of the main reasons she was receptive to opportunity.

She began working from an early age and later helped my father through chiropractic school by working long hours as a Hollywood extra during the fifties and sixties. Though never seeking stardom, she knocked on enough doors to get a lot of good work, saved some seed money, and established relationships that would eventually transform her life. Mom leveraged her positive attitude and tough shell to find opportunities, sell her strengths, and laugh off rejection. “It’s no big deal,” she always told me as a kid when the chips were down and she says the same thing to me now.

Most importantly, and by example, Mom taught me that you should never feel afraid to negotiate a deal because the absolute worst “they,” a client, customer, or possible employer can say is… no.

Professing Principles of Digital Ethics and Privacy – CPO Magazine

via Professing Principles of Digital Ethics and Privacy – CPO Magazine

“For me, trust has to be earned. It’s not something that can be demanded or pulled out of a drawer and handed over. And the more government or the business sector shows genuine regard and respect for peoples’ privacy in their actions, as well as in their word and policies, the more that trust will come into being.” Dr. Anita L. Allen

Dr. Anita Allen serves as Vice Provost for Faculty and Henry R. Silverman Professor of Law and Philosophy at the University of Pennsylvania. Dr. Allen is a renowned expert in the areas of privacy, data protection, ethics, bioethics, and higher education, having authored the first casebook on privacy law and has been awarded numerous accolades and fellowships for her work. She earned her JD from Harvard and both her Ph.D. and master’s in philosophy from the University of Michigan. I had the opportunity to speak with her recently about her illustrious career, the origins of American privacy law and her predictions about the information age.

Q: Dr. Allen, a few years ago you spoke to the Aspen Institute and offered a prediction that “our grandchildren will resurrect privacy from a shallow grave just in time to secure the freedom, fairness, democracy, and dignity we all value… a longing for solitude and independence of mind and confidentiality…” Do you still feel that way, and if so, what will be the motivating factors for reclaiming those sacred principles?

A: Yes, I believe that very hopeful prediction will come true because there’s an increasing sense in the general public of the extent to which we have perhaps unwittingly ceded our privacy controls to the corporate sector, and in addition to that, to the government. I think the Facebook problems that had been so much in the news around Cambridge Analytica have made us sensitive and aware of the fact that we are, by simply doing things we enjoy, like communicating with friends on social media, putting our lives in the hands of strangers.

Before you continue reading, how about a follow on LinkedIn?

And so, these kinds of disclosures, whether they’re going to be on Facebook or some other social media business, are going to drive the next generation to be more cautious. They’ll be circumspect about how they manage their personal information, leading to, I hope, eventually, a redoubled effort to ensure our laws and policies are respectful of personal privacy.

Q: Perhaps the next generation heeds the wisdom of their elders and avoids the career pitfalls and reputational consequences of exposing too much on the internet?

A: I do think that’s it as well. Your original question was about my prediction that the future would see a restoration of concern about privacy. I believe that, yes, as experience shows the younger generation just what the consequences are of living your life in the public view and there will be a turnaround to some extent. To get people to focus on what they have to lose. It’s not just that you could lose job opportunities. You could lose school admissions. You could lose relationship opportunities and the ability to find the right partner because your reputation is so horrible on social media.

All of those consequences are causing people to be a little more reserved. It may lead to a big turnaround when people finally get enough control over their understanding of those consequences that they activate their political and governmental institutions to do better by them.

Q: While our right to privacy isn’t explicitly stated in the U.S. Constitution, it’s reasonably inferred from the language in the amendments. Yet today, “the right to be forgotten” is an uphill battle. Some bad actors brazenly disregard a “right to be left alone,” as defined by Justice Brandeis in 1890. Is legislation insufficient to protect privacy in the Information Age, or is the fault on the part of law enforcement and the courts?

A: I’ve had the distinct pleasure to follow developments in privacy law pretty carefully for the last 20 years, now approaching 30, and am the author or co-author of numerous textbooks on the right to privacy in the law, and so I’m familiar with the legal landscape. I can say from that familiarity that the measures we have in place right now are not adequate. It’s because the vast majority of our privacy laws were written literally before the internet, and in some cases in the late 1980s or early 1990s or early 2000s as the world was vastly evolving. So yes, we do need to go back and refresh our electronic communications and children’s internet privacy laws. We need to rethink our health privacy laws constantly. And all of our privacy laws need to be updated to reflect existing practices and technologies.

The right to be forgotten, which is a right described today as a new right created by the power of Google, is an old right that goes back to the beginning of privacy law. Even in the early 20th century, people were concerned about whether or not dated, but true information about people could be republished. So, it’s not a new question, but it has a new shape. It would be wonderful if our laws and our common law could be rewritten so that the contemporary versions of old problems, and completely new issues brought on by global technologies, could be rethought in light of current realities.

Read more at Professing Principles of Digital Ethics and Privacy – CPO Magazine

 

Cover Reveal! Tomorrow’s Jobs Today: Wisdom and Career Advice from Thought Leaders in AI, Big Data, Blockchain, the Internet of Things, Privacy, and More

Next April 30th, JOHN HUNT PUBLISHING LIMITED will release our new book “Tomorrow’s Jobs Today: Wisdom and Career Advice from Thought Leaders in #AI#BigData#Blockchain, the #InternetofThings#Privacy, and More.” Here’s the cover reveal! Tremendous thanks to the many visionary business leaders who contributed to the effort including Michael Moon Jones Lukose MBA, PhD Ashish Gadnis Katrina Miller Parrish Anand Rao  Patrick “PC” Sweeney Peggy Winton, CIP Seth Williams Anand Rao Nick Inglis, IGP, CIP, INFO Ulrich Kampffmeyer Gregory Steinhauer John Isaza, Esq., FAI Andy Watson Priya Keshav Kevin Gray Amb-Dr. Oyedokun Ayodeji Oyewole FIIM, ERMS, RMEM, FIRMS George Socha Dux Raymond Sy Markus Lindelow April Dmytrenko, FAI, CRM Douglas C. WilliamsMark Patrick, CIP and Miguel Mairlot. Most of all to my co-author Abby Moscatel. Learn more about the #book at www.tomorrowsjobstoday.

Secrets of the Scrap Metal King of Albuquerque

The following is an exclusive excerpt from the book “Tomorrow’s Jobs Today: Wisdom and Career Advice from Thought Leaders in AI, Big Data, Blockchain, the Internet of Things, Privacy, and More” available soon from John Hunt Publishing.

The convergence of technology and the rule of law is expected to intensify over the coming years. It’s a paradigm shift that will force organizations of all sizes, private and public, across all verticals, to balance a world ripe with innovation with an evolving universe of risk and regulatory pressure. Employers and their workforces will be inclined to adapt to this dynamic new digital landscape in their personal and professional lives. Like every era before it, the individuals who lead the way will separate themselves from the pack by identifying, engaging in, and fostering the right opportunities wherever they reveal themselves. They understand that identifying gaps is one key to seizing those opportunities.

One of the most amusing success stories exemplifying this point comes from the first part of the twentieth century. It involves a weary soldier returning from World War I. As the story goes, the GI was tired but also thrilled to be alive after countless friends had been killed, and so much of the world he knew destroyed. He was discharged in California and put on a Pullman train packed with other vets traveling from San Francisco to the East Coast. Like his fellow soldiers, the young man enjoyed his share of spirits in the bar car, and by the time they crossed over into New Mexico, most of the train’s passengers were quite drunk. Naturally, overconsumption can lead to brawling, and that’s what occurred by early noon. He held his own for a while, but eventually, he was thrown from the caboose about 15 miles outside of Albuquerque. In those days, that was the middle of nowhere.

If that wasn’t bad enough, he only had enough money to buy himself a bus ticket to finish the last leg of the trip and maybe half a sandwich. Slightly drunk and out of luck, he began walking down the road parallel to the railroad towards town. As he sobered up along the path, he started noticing a lot of broken-down sedans, pickup trucks, and roadsters abandoned along the highway, likely having run out of gas. Remember, this was 1918, before GPS and call boxes, let alone gas stations… in the desert! Well, this young man thought a lot about those beat-up clunkers, and in between each one, as he made his way to civilization, he began thinking about what the vehicles represented. By the time he finally made it to town, he had come up with one hell of an idea.

Despite being parched and stinking to high heaven, he abandoned his plans to purchase a bus ticket and used what was left in his pocket to put a payment down on a tow truck. The next day he filled up the tank and set back along that road he’d traversed the afternoon before. Well, wouldn’t you know it? He picked up every darn one of those lonely jalopies and dragged them back to a lot he’d rented from the same lessor who extended him credit for the tow truck.

Less than a decade later that GI was the third-largest scrap metal salesman in the Southwest United States. By the time he died, about the richest man in Albuquerque. He never quite made it home to Boston, but he did learn first-hand about how your journey is often more enjoyable, and profitable than arriving at your destination.

So, what are your broken-down jalopies? What are the business processes, products, or teams you see broken down and in need of repair or improvement around your organization or community? How can you, like that GI, turn a real crap situation into one that benefits not just you, but ultimately the world around you? Can you identify the gaps in between the stops along the way to your goals? Are you ready to seize the day? Are you thrilled to be alive like that weary soldier the day he was thrown from the train?

Rafael Moscatel, CIPM, CRM, IGP, is the Managing Director of Compliance and Privacy Partners. He has developed large-scale information management, privacy and digital transformation programs for Fortune 500 companies such as Paramount Pictures and Farmers Insurance. Contact him at www.capp-llc.com or follow him on Twitter @rafael_moscatel.

Data Governance: How to Tackle 3 Key Issues – BankInfoSecurity

The ease of digitally storing and monetizing personal information has now run up against the rights of consumers to access and in some sense, reclaim ownership of that data,”

via Data Governance: How to Tackle 3 Key Issues – BankInfoSecurity

Shift in Concept of Privacy

Privacy requirements have changed dramatically as a result of GDPR and CCPA, says Rafael Moscatel, managing director at Compliance and Privacy Partners, a California-based consultancy.

“The ease of digitally storing and monetizing personal information has now run up against the rights of consumers to access and in some sense, reclaim ownership of that data,” he says. “That’s a paradigm shift that introduces a number of logistical burdens that some organizations, even relatively new ones, are not prepared to deal with.”

Moscatel says organizations need to identify and adopt appropriate privacy best practices.

“A solution needs to be proportional to an organization’s true risk, and while it must meet certain standards, your compliance professionals, data fulfilment service teams and IT support must be able to work with each other and speak the same language. It’s not as simple as throwing together a data map,” he says. “It’s not just collecting the metadata; it’s understanding the relation of the attributes not simply from a database perspective but from an ethical one.

Beyond Unicorns: Educating, Classifying, and Certifying Business Data Scientists · Harvard Data Science Review

via Beyond Unicorns: Educating, Classifying, and Certifying Business Data Scientists · Harvard Data Science Review

Abstract

There is increasing recognition that the data scientist ‘unicorn’—one who can master all the necessary skills of data science required by businesses—exists only rarely, if at all. Successful data science teams in business organizations, then, need to assemble people with a variety of different skills. This is only possible at scale with clear classification and certification of skills. While such certifications and classifications are in their early days, some firms are beginning to create them, and they are beginning to emerge in professional associations as well. Ideally, universities and other education providers and certifiers of data science skills would also employ standard skill classifications to communicate the skills they intend to inculcate.

Tomorrow’s Jobs Today – Publication delayed until April 2021 due to COVID-19

Due to the impact of COVID-19, the publication of Tomorrow’s Jobs Today has been pushed slightly back to April of 2021. Despite this, we have seen the proof of the manuscript and cannot wait to share this important study of modern careers with the world! Stay tuned!

Wisdom and Career Advice from Thought Leaders in AI, Big Data, Blockchain, the Internet of Things, Privacy and More

Discover leadership secrets and technology strategies being pioneered by today’s most innovative business executives and renowned brands across the globe in this entertaining collection of interviews and stories exploring new careers of the Information Age. (ISBN 978-1-78904-561-1)

Design your career for tomorrow with wisdom from leaders whose shoulders you stand on today. 

This collection of in-depth profiles featuring Smart City CIOs, Data Protection Officers, Blockchain CEO’s, Informatics Doctors and other diverse, skilled professionals gives readers first-hand insight into what tomorrow’s jobs look like today. The hands-on experiences, subject matter expertise and measured job advice shared within these pages demonstrate how identifying opportunities, setting the right cadence and building strong relationships are the essential ingredients to unlocking your future’s potential.

This book is for the new graduate, the professional between jobs and the doting parents desperate to get their “brilliant” but lazy kid out of the basement. It’s also for senior corporate leaders seeking an intimate understanding of the changes abounding in their organizations. It’s for the manager who wants to inspire and encourage professional development. And it’s for every knowledge worker out there who wants to leverage technology and information governance to reduce risk, generate revenue, and improve customer experiences.

Tomorrow’s Jobs Today is not for those who cower in the face of robots, coding, and automation. It’s a resource for people like you who recognize that the jobs of the future are very much here today and ours to adapt to. By absorbing the perspectives, challenges, and solutions of those deeply in love and accomplished in these new careers, we can help ourselves, our friends and our employees transform anxiety over a job search, job loss or just the winds of change into hope, understanding, and opportunity.

Sign up for updates on the book below!

*The opinions expressed by the interviewees in this book are their own and do not necessarily reflect those of their employer.

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous ComplianceBelow are some excerpts from my transcribed remarks.
Session Description: Tackling data privacy and maintaining consumer trust is harder than ever, especially with the sheer amount of information you need to manage and with constantly evolving privacy laws (CCPA, GDPR, etc) moving the goalposts. The usual checkbox compliance, ad-hoc governance, and reactive information security policies will fail, if they haven’t already, and create too much organizational risk. To achieve a state of consistent compliance and minimize corporate risk you must provide three things to your business: transparent governance, frictionless security, and continuous validation. To provide these things, you must build a strong information governance framework and privacy compliance plan to succeed.
ON KEY PRIVACY ISSUES TODAY…

What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative. That’s not only because it’s a hot topic or because it’s a growing regulatory requirement, but because it naturally enhances the way our organizations, and specifically our compliance and infosec groups, treat and value ALL of the data they’re responsible for testing and for securing, and in validating and protecting PII, we’re actually adding a layer of assurance that improves both internal operations and the customer experience.

Privacy makes data governance ethical and tangible, and compliance leaders understand that. Today, what we’re going to walk you through is what that awareness and proactive approach look like through the eyes of project leaders during three stages of compliance, prevention, maintenance, and retrospective.

What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative.

I just want to point out that privacy, conceptually, is, of course, ancient really. People tend to forget that. I mean it has been written into legal codes even before the constitution as a Records and Information Governance community we’ve been dealing with it, from HIPPA to SOX, in one form or another. What’s different today at least in the business world is that the thresholds that trigger compliance these days aren’t industry-specific. Instead, they’re related to annual revenue and the number of data subjects you interact with, so that’s why we see a broader cut of industry’s being looped into these new demands of GDPR and the CCPA.

ON UNDERSTANDING TODAY’S REGULATORY COMPLEXITIES…

Privacy leaders have been asked about the volatile regulatory environment and a clear majority of privacy leaders rank keeping pace with the new regulatory landscape as a pretty important factor in their strategy…. Research also that a minority also are not confident that they have a framework for helping them adjust to that change. So, that’s what we’re aiming to address here today in terms of strengthening that IG program so that it helps buttress or even drive your privacy goals.

[Another] insight we’re sharing with you involves metrics. And we all know metrics is the heart and soul of compliance to a large degree. And we see that finding those metrics to measure their programs is somewhat lacking for the majority of those surveyed. And that results in the majority of leaders being unable to effectively report on their program outcomes.

Continue reading “Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance”

Meeting Evolving Business Needs – A Conversation Between RIM Educators and Thought Leaders

Earlier this month I had the honor and privilege of speaking at the MERv conference with Dr. Gregory S. Hunter, Dr. Tao Jin, Dr. Patricia Franks, Rae Lynn Haliday, Cheryl Pederson, and Wendy McLain on the topic of Meeting Evolving Business Needs – A Conversation Between RIM Educators and Thought Leaders. In response to requests, below are some excerpts from my transcribed remarks.

Session Description: This special, two-part panel discussion facilitated by the ICRM will compare current academic curricula with the existing ICRM exam to identify gaps and areas of improvement for both academia and the ICRM. University Professors will discuss their programs and IG industry leaders will add perspective from the business world.

ON THE QUESTION OF WHAT DO MANY JOB SEEKERS STUDENTS WANT TO KNOW?…

It’s really a surreal time to be having a discussion about meeting evolving business needs don’t you think? Of course, we’re doing this conference virtually for the first time, and pivoting towards presenting in this fashion is kind of representative of that evolution we’re here to talk about. You know one thing I think Records and Information Governance professionals excel at though is supporting organizations through digital transformation initiatives, and I imagine the reason that so many companies are able to move forward at such an accelerated pace today, despite COVID, is because they’ve already experienced in getting their records and information online. And I see more of that demand in the days and years ahead but also see significant risks.

But first I want to start this discussion with a sampling of questions shared with me by Tao Jin at LSU…. And I would assume it’s similar to the questions asked by students at some of the other schools with curriculums like LSU. Because I think part of framing this discussion is, you know, trying to understand what students and job seekers are actually asking as they consider these programs and navigating the job marketplace. And I’m not surprised that a majority of the questions shared here are related to emerging technologies.

One thing I think Records and Information Governance professionals excel is supporting organizations through digital transformation initiatives, and I imagine the reason that so many companies are able to move forward at such an accelerated pace today, despite COVID, is because they’ve already experienced in getting their records and information online.

I’ve had my own CRM designation about 7 years now and I can tell you the exam, and these University offerings go well beyond my original training which, at the time still focused primarily on micrographics, if you can imagine that. The exam has changed since then to address new technology and innovation. But that’s not entirely the role of the Records and Information Governance professional, is it? There are other important areas of course like management…. And I think the next panel will discuss that… But the one thing I want us ALL to think about today is this…. Are we generalists? Or are we specialists? I think it’s maybe a little bit of both…

And I think whatever direction individuals take, businesses are going to want their candidates to be well versed in emerging technologies as well as core ones, which we’re going to ask you about in just a moment.

ON LATEST TRENDS – INCREASED DIVERSIFICATION AND DEMAND…

We’ve all heard about job losses post-COVID, but I wanted to diverge from that headline for a moment and bring up what I see as some good news. And that is, from a career standpoint we are witnessing professionals with IG skillsets increasingly being tapped to lead technology upgrades, digital transformation projects, and cross-functional teams in a number of sectors. I think we’re seeing this trend for a lot of reasons. I’ve put an image up here from LinkedIN. It’s essentially a snapshot of a job search query. And I encourage you all to do this yourselves so you can see how diverse roles have become in just in a short amount of time. It’s not surprising how much of today’s work and technology now requires a solid foundation in good recordkeeping, database, and systems design. And recruiters are looking for that education and experience.

ON LEADERSHIP OPPORTUNITIES AMIDST THE CONVERGENCE OF TECHNOLOGY AND REGULATORY PRESSURES…

Although it’s not yet mainstream in every business, we do know that Big Data, IoT, and other emerging technologies are certainly driving some of the need for IG professionals. But it’s also a desire to find talent that can integrate privacy, data governance, and other best practices into those technologies, isn’t it?

An additional layer of assurance just makes good business sense and that layer is made possible by the talent that understands and can implement IG, especially around data governance.

Specifically, with the convergence of technology and regulatory pressures, we are seeing a specialized need for the RIM or IG professional to come in and ensure that operations, risk, and long-range planning value data governance, and that decisions about data protect the organization and prepare it for the next wave of innovation…. That’s how we make the most impact, by tying together stakeholders, prioritizing goals, and helping the corporate culture as a whole recognize the value of these data-driven initiatives and our individual contributions to them. IG reflects the thirty-thousand-foot view of the business with the experience of having been in the weeds with risk, compliance, and internal audit of its moving parts.

Employers. Their executives… and their attorneys, they all realize this. And the headlines around ransomware, GDPR fines, they’ve all prompted companies to revisit and invest in the way they tackle their biggest challenges. They know that an additional layer of assurance just makes good business sense and that layer is made possible by the talent that understands and can implement IG, especially around data governance, right?

That’s how we make the most impact, by tying together stakeholders, prioritizing goals, and helping the corporate culture as a whole recognize the value of these data-driven initiatives and our individual contributions to them.

So, I think those that succeed are those that try in earnest to gain the respect of their IT counterparts. They demonstrate adequate knowledge of the toolsets they’re working with. It’s not that you need to know how to program or code per se, but you do need to know the vocabulary, the big concepts behind what is going on to get buy-in for your portion, and to exchange ideas efficiently.

ON MOVING FROM GATEKEEPER TO CHANGE AGENT…

My colleagues and I are convinced more each day that closely aligned with these new opportunities created by technology is the personnel function of change. And I don’t think that means IG pros give up their methodologies or best practices or risk-averse perspectives, but they do need to embrace the demands thrust upon them. They have to move from defense to offense.

Ultimately, our role is no longer gatekeeper. Our role is part diplomat, part subject matter expert, part change agent. And I’d like to see educators start shaping those expectations with students and businesses as well.

I talk a lot about this in my new book, Tomorrow’s Jobs Today. Take a look at some of the job openings being put out there on LinkedIn, that I referenced earlier. In each job description, although it might not say Records Manager, you can pretty easily identify that recruiters and companies are looking to fill that type of role, or support the function in one way or another. Privacy Manager, Enterprise Project Lead, Risk Analyst, GRC consultant, etc.

And actually, groups like the ICRM, they play a critical role in communicating to employers exactly how their membership and certification programs deliver the competencies they need to drive new projects forward. But they need to understand. Ultimately, our role is no longer gatekeeper. Our role is part diplomat, part subject matter expert, part change agent. And I’d like to see educators start shaping those expectations with students and businesses as well.

Technology is the main driver of our evolving profession. And it’s not simply about document management and enterprise content management infrastructures, but now about AI, Blockchain, IoT. This is a direction that the MER conference has illustrated for years now. So, I think it’s imperative for educators and curriculums to offer primers on what a distributed ledger is, the basics of natural language processing, technical requirements of the GDPR, and similar topics.

Rafael Moscatel, CIPM, CRM, IGP, is the Managing Director of Compliance and Privacy Partners. He has developed large-scale information management, privacy, and digital transformation programs for Fortune 500 companies such as Paramount Pictures and Farmers Insurance. His latest book, Tomorrow’s Jobs Today, is available soon from John Hunt Publishing. Contact him at www.capp-llc.com or follow him on Twitter @rafael_moscatel.

Data Governance: How to Tackle 3 Key Issues The Importance of Accountability, Data Inventory and Automation – Full Interview with Rafael Moscatel

I was recently interviewed for an article on Data Governance & Privacy for a number of periodicals including Info Risk Today on “Data Governance: How to Tackle 3 Key Issues: The Importance of Accountability, Data Inventory, and Automation. Below is the full text of my interview for additional context.

With privacy law getting stronger by the day, it has become all the more important for companies to know where the data lies. The problem is not new but I am not sure if companies have been able to find a solution to this. What are the two main challenges of data governance?

While global privacy regulations like the GDPR and CCPA have greatly impacted contemporary data governance discussions, enterprise projects, and software solutions, we often forget that privacy itself is far from a novel concept and, in fact, one with deep roots in centuries-old ethics and social mores. What’s different now, or even from twenty years back, and what does that mean for data governance today?

The truth is that many companies have had to comply with at least some privacy requirements for decades, but the ease of digitally storing and monetizing personal information has now run up against the rights of consumers to access and in some sense, reclaim ownership of that data. That’s a paradigm shift that introduces a number of logistical burdens that some organizations, even relatively new ones, are not prepared to deal with. Especially since IT infrastructures and dependencies change quite rapidly. So the question becomes how do we build data governance rules that can keep up with these nuanced laws and demands while still supporting the greater needs of the business? The severity of fines and reputation damage from non-compliance has forced us to sit around the table and try to find the right balance between risk and reward. I think ultimately privacy-by-design as a fundamental aspect of enterprise architecture will bring needed order to some organizations despite handicapping them in the near term.

The second challenge is also privacy related, but in terms of exposure, much more consequential. Data breaches and ransomware have inundated infosec teams and exploiting poor data governance models is routine for hackers. Most breaches obviously originate with end-users, but the protection, encryption, anonymization, etc. of private data sets requires thoughtful and strict data governance to sustain disruption. How do meet that high bar and also provide a seamless customer experience? That’s a work in progress.

How have you approached these challenges? Can you walk us through the process?

We try to spend as much of our time understanding the regulatory environment our client is subject to as much as their risk tolerance. You can always look for a baseline in terms of a particular set of laws, but often a best practice approach makes more sense in the long run. I think a solution needs to be proportional to an organization’s true risk, and while it must meet certain standards, your compliance professionals, data fulfillment service teams and IT support must be able to work with each other and speak the same language. It’s not as simple as throwing together a data map. This is, to your previous question, a challenge because the stakes are now much higher and teams must now not only support each other’s requirements but go farther in understanding and appreciating the very nature of those rules. It’s not just collecting the metadata, it’s understanding the relation of the attributes not simply from a database perspective but from an ethical one. This is a convergence of law and technology that requires true cross-functional teamwork, where each stakeholder must respect and value the contribution of his or her colleague. It’s just not enough to know your little corner of the universe anymore. At Compliance & Privacy Partners we aim to facilitate discussions that enable that synergy and eventually support change management goals.

What did you discover during this journey? Where are most organizations missing the mark?

As far as privacy goes, and despite its long history as a basic component of ethics and law, most groups still haven’t understood you can’t just throw bodies and technology at something like this. The specialty is too new and the laws are in many cases too vague to leave it up to a project manager, a lawyer, a vendor, and an enterprise architect. I’m seeing a lot of companies try to check off details of regulations without understanding exactly how they fit together. What ends up happening is a whole lot of talk, a whole lot of capital spend and very little result.  Companies have to take a step back. The smartest know they need to bring somebody in who can provide an overview and roadmap for their particular challenges and then take next steps. That planning is what’s really going to set up their in-house teams and leaders for long-term success. 

What would be your advice to your contemporaries?

From my perspective, it would be to actually value privacy, not just as a consumer yourself, but as a smart business decision. Customers want companies they can trust and who provide solutions that help them solve their problem, but also don’t exploit their data. Do unto others as they say. I think building a culture that can internalize that as a golden rule will be transformative and lead to better data governance across the board.

Rafael Moscatel, CIPM, CRM, IGP, is the Managing Director of Compliance and Privacy Partners. He has developed large-scale information management, privacy and digital transformation programs for Fortune 500 companies such as Paramount Pictures and Farmers Insurance. His latest book, Tomorrow’s Jobs Today, is available soon from John Hunt Publishing. Contact him at www.capp-llc.com or follow him on Twitter @rafael_moscatel.