Privacy: "You Can't Prepare Enough"

Nationwide's Privacy Officer on How to Manage a Breach

May 23, 2011.

The recent data breaches at Epsilon and Sony should send a chilling message to privacy officers everywhere. "You can't prepare enough," says Kirk Herath, chief privacy officer of Nationwide Insurance Companies. When an incident occurs, and it's time to issue breach notification, you have to be ready for scrutiny, Herath says.

"You need to anticipate the likely questions that are going to come not only from customers, but from your own internal associates, law enforcement, regulators and, in the case of Sony, from Congress."

These recent incidents underscore the need for communications professionals to handle public relations in the wake of a breach, he says, to avoid any appearance of secrecy. "At the end of the day, the worst thing you can do is look like you're not transparent," Herath says.

In part one of a two-part interview on privacy and incident response, Herath discusses:

  • The scope and scale of the privacy officer's job today;
  • How the Epsilon and Sony incidents were handled;
  • His experience managing privacy in the event of a breach.

In part two of this interview, Herath discusses how he has helped improve privacy protection at Nationwide, and he talks about two of his top concerns: mobile technology and cloud computing.

Herath is Vice-President, Associate General Counsel and Chief Privacy Officer for Nationwide Insurance Companies and affiliates based in Columbus, Ohio.

Among other things, he heads up a team that has primary responsibility for corporate privacy policy and implementing privacy across all lines of business. He represents Nationwide's interests on many industry and business privacy groups and before legislative and regulatory bodies. He is responsible for all legal issues impacting privacy, information security, technology and information systems, contracts and supply services management, confidentiality and data integrity. Under his leadership, Nationwide has been selected as one of the Top 10 Most Trusted Companies for Privacy (number one in the insurance sector) five times by the Ponemon Institute.

Herath is Past President of the International Association of Privacy Professionals and is still very active within the association serving on several committees. He also served on the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee from 2005 to 2011. He speaks regularly on a broad array of issues.

Follow Tom Field on Twitter: @SecurityEditor
