Privacy professionals face a particularly challenging environment: one in which a broad range of rapidly-changing technical, legal, regulatory and commercial requirements often conflict with each other.

A wide range of factors are increasing the pressure on organisations to recognise and address privacy-related issues:

• increased media and public awareness of privacy issues and demands for correct use of personal information;
• increased litigation arising from privacy-related incidents; demands for good corporate governance and social responsibility driven by emerging legislation such as Sarbanes-Oxley;
• the need to meet ever-changing national and international legal and regulatory requirements that impose different demands in different countries;
• an absence of recognised international standards for privacy management;
• the emergence of new technologies that are invariably a lightning rod for privacy-related problems as new risks are identified;
• conflicting priorities for organisations that divert executive priorities away from privacy-related issues;
• business pressures for greater sharing of personal information within and between organisations.

Identifying, understanding and keeping abreast of these issues is a complex process. Privacy professionals face significant challenges in addressing privacy issues effectively:

• reaching a shared understanding of privacy rights and needs between the organisation and individual customers, employees and other stakeholders;
• establishing baseline privacy policies that comply with relevant legislation but do not unnecessarily hinder normal business practices in any one operating country;
• implementing privacy policies across the organisation, supported by a privacy management infrastructure;
• ensuring that senior management understand and accept responsibility for privacy issues;
• making employees aware of their privacy responsibilities and ensuring that they act accordingly;
• defining responsibilities and boundaries between information security, information privacy, compliance and audit;
• keeping abreast of rapidly changing legal and regulatory requirements;
• staying up-to-date with technology developments and corporate initiatives to use those new technologies.

Privacy professionals have to resolve conflicting privacy, technology and legal issues whilst supporting the organisation’s commercial requirements.