IAPP’s Trevor Hughes speaking on privacy

Trevor Hughes is the CEO of the IAPP, a not for profit international organisation for privacy professionals. He is currently staying in The Netherlands to talk with EU privacy professionals. In a presentation last wednesday in Breukelen, he highlighted that the privacy field is booming.

About the IAPP

The IAPP is an international association for people that work in the area of privacy. Unlike other groups it does not lobby or represent specific interest. It is a neutral organisation open to privacy officers and researchers. It is fairly accessible (250 dollar annual membership fee for professionals and lower fees for students and researchers) and has several initiatives to gather and publish data, for instance on salary levels, privacy management tools and professional qualifications.

EU regulation

The CEO trevor Hughes lives in and is from Canada, and is staying in Amsterdam for several months in order to engage with EU member and regulators. His decision to spend time in Europe is probably influenced by the new upcoming regulations: the new General Data Protection Regulation (GDPR) will be in force after May 2018. This is a major change for privacy professionals and compliance officers.  The new regulations have made ‘privacy’ a booming field, and the IAPP is rapidly growing. It currently has 31.000 members in 100+ countries. Even though this is an impressive number, it is likely not enough: The IAPP has made a conservative estimate that the EU private sector will need at least 28.000 data protection officers.

Privacy in the past

Trevor was invited by the VCO to give a speech directly after the annual meetings of the VCO and the NGFG. These are Dutch organisations for compliance officers and for data protection officers. Both organisations have many new members that are interested to hear the international IAPP perspective on the EU regulations. Trevor decided to start with a long term view. He gave several historical examples of new privacy concerns: one was a painting by Rembrandt of a bathing goddess, who was disturbed by a hunter. Bentham’s circular prison design, based on the misguided idea that people would behave better if they felt they were constantly watched. After these classical examples, he explained that there have been many privacy crises in the past: US Judge brandeis introduced the right to privacy in the 19th century after the invention of the pocket camera. During the 20th century, the death of privacy has often been predicted. In each case, the predicted death never occurred. Privacy never disappeared. It just needed to be re-negiotated in the new circumstances.

Privacy in the present

He concluded the talk with a present and future outlook, linked to the various activities of the IAPP. Rather than presenting a personal view, he showed data based on member surveys. One interesting chart showed a ranking of how difficult the GDPR requirements are, according to privacy professionals. The professionals view the right to be forgotten as most difficult to implement. He ended with a very positive message, at least for the audience present: There is a huge need for experienced privacy professionals in all roles and all organisations. “Privacy is not dead, it is hiring” according to Mr. Hughes.