In the sport of bullfighting, there is a phrase that is often used: Torear la suerte. Literally translated it means “bullfight your fate”, but it is often interpreted to be understood as a kind of code, a way of life, a philosophy about adversity and the fortitude to persevere. And succeed while putting on a fabulous show at the same time. Disorder, chaos and unrest in your personal life or business life does not build character, it actually reveals it. Every battle is an opportunity to exhibit what lays beneath your surface, and reveal the real you. Much is at stake here.
So with paraphrase apologies to Frank Underwood on House of Cards, I like to say that there are two kinds of Chief Privacy Officers: Door mats and matadors.
All day, every day, there are lot of ‘bulls’ coming at you, the matador: the woman or man whose job it is to protect data and ensure the privacy of that data, and generally to provide peace of mind to a lot of people. The business, regulators, legislators, negligent or malicious employees, hackers, and malware are all like a bull coming at you. You have two choices: you can either be trampled, like a doormat is, or you can use your cape (skills) as a metaphoric instrument to solve the risks and challenges of modern day privacy.
Increasingly, and for good, reason, the role of the Chief Privacy Officer is gaining the visibility it has long sought and deserved. Thanks in no part to the myriad number of high profile data breaches of the past 3 years affecting every sector, the CPO role has begun to get its 15 minutes of fame in the bull ring (‘plaza de toros’).
No longer buried in Legal, Compliance or even IT, the CPO role increasingly gets a seat at the table to not only clean up the messes that upstream control failures have wrought, but is now being asked to become more thoughtful and strategic in her/his thinking to avert the next crisis.
Much like bullfighting itself, managing the privacy of information for a firm has become a kind of choreographed ballet of tradeoffs. Is there too much security? Too little security? Are we over doing the security for convenience? Should we emphasize features or privacy? The CPO now has taken the decision reigns and weighs in with influence like never before. The most judicious companies ensure that the CPO has both voice and a vote for every initiative that involves customer or employee data.
As recently as a decade ago, the CPO position was just another piece of a hat someone in the organization (likely the General Counsel, CISO or CIO) had to wear because it sounded like a good idea to have one in the company. But the gesture was largely symbolic, and the role was often a dead end, or met with infrequent success. But unlike in bullfighting where the bull has little chance for long-term success, a CPO now has a likelihood of survival success that has never been better.
