I spent the latter half of last week at the IAPP Privacy Summit 2007 in Washington, D.C. It was a great conference with over 1,200 attendees focused on lots of sessions as well as a number of keynote presentations by notables like FTC Chairman Deborah Platt Majoras and Attorney General Alberto Gonzales (where he first spoke publicly about the FBI’s troubles). While the conference suffered from a lack of chairs and room, it’s really only a signal of the success of the conference as attendees packed every session.

The caliber of the attendees was also impressive, with some of the very highest-ranking privacy professionals in attendance, including those from corporate giants IBM, ExxonMobil, Ford, General Motors, GE, AOL, Wal-Mart, and Chevron. The chief privacy officers were at the conference in addition to their direct reports (if they are lucky enough to have any). There was also an exceedingly large number of lawyers (practicing and former) at the conference.

The main topics of interest were:

  • Globalization. How do you set up a global privacy program? How do you handle issues of training? How do you handle conflicting laws across jurisdictions? A key area of interest is the idea of transferring risk when working with third parties, and the bottom line is that you can’t transfer the risk of information disclosure even with solid contracts and due diligence.
  • Working with others. How can you best work with your peers in other departments, including security and legal? What makes those relationships work well and what causes failure? The privacy officer’s job is becoming one to coordinate multiple groups and give overall strategy and guidance towards appropriate use of private data by interacting with different lines of business, the legal department, and IT, among others.
  • Regulators. A number of regulators held meet-and-greet sessions. Legal requirements are a strong impetus for privacy programs, so it was interesting to meet regulators at the FTC and learn what they’re looking for when they decide whether to prosecute a case or not. This helped attendees to see the real people who regulate them and learn which areas are most important to focus on. These meetings also help to put a human face on an organization that may otherwise seem to be a faceless punishing entity.

I met a wide range of privacy officers who were all very kind and friendly, including tons of Forrester clients, and I look forward to working further with the IAPP and its members to develop strategies and best practices for privacy.