Speaking at business forum, I asked the question, “Does your business have a privacy officer?” A young attorney quipped, “Hire an attorney and he’ll tell you if you need a privacy officer?”

 

It is commonly accepted that all enterprises must have an “in house” official for privacy and information security oversight. It is expected whether your business comprises one or tens of thousands of associates. No employees? Then you’re the privacy officer.

 

Privacy and information security as a legal specialty is relatively new. There are a handful of law schools that offer this specialty. .

 

Your current business attorney may not be the best source of legal advice on privacy and information security law. This is not unlike other professions, such as medical, where a proctologist is not an appropriate choice of medical advice if one has a brain tumor. Unlike the obviousness of this jocular medical analogy, many business people assume law is a single specialty.

 

The specialty of privacy and information security is budding with certified professionals who do not practice law. Although I am not a lawyer,  I have conducted continuing legal education for Illinois and Wisconsin lawyers, promoted by the State Bar Association. Non-attorney privacy and information security compliance pros may be differentiated in that they bring functional privacy and information security solutions to the workplace.

The value of having a privacy advisor with a law degree is significant in larger enterprises where there are ongoing legal situations and judicial proceedings. Implementing workplace compliance programs can be achieved with a minimum of legal counsel.

 

Yet, it is not uncommon for business managers to view privacy compliance as a traditional legal issue. Those that do, often consult with their regular business attorney. I find this a curious behavior because the same business managers make risky legal decisions daily, and they never consider contacting a business attorney for advice in the area of law that they have expertise such as contract, human resources and insurance law.

An attorney is an important member of a business risk management team. However, the attorney is not likely going to be the privacy expert, the professional risk manager or the information security expert. Initiating privacy and information security best practices in the workplace by asking an attorney may not be prudent unless the attorney has specialized in that area of law.

Comments

RSS

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."