Maturity and Metrics: A few thoughts from the IAPP’s Privacy Summit 2010

With a case of the volcano blues, I found myself at the International Association of Privacy Professionals Privacy Summit 2010. As I sat in sessions and caught up with customers at this, the largest gathering of its kind, I noticed an undercurrent to the overall conversation. This undercurrent sounded, in some sense, very similar to conversations I have with my identity management customers regarding maturity and metrics.

Privacy has moved beyond the compliance officer and is receiving better representation in business operations. Example of this include an increased presence of privacy practices in

  • project and software development lifecycles
  • procurement and contracting processes especially with respect to procurement 3rd party services

In some sense this has given privacy, and its closely aligned peer – data protection, more of an outward appearance of risk management than compliance. This is evidence of privacy’s maturation.

But as privacy matures, as privacy is seen for its risk management capabilities, as privacy gets more engrained in business operations, better metrics relating to privacy are needed.

I sat in one session in which privacy professionals talked about the challenges of building dashboards to display privacy metrics. Few could point to meaningful dashboards that they had built. Fewer still felt they had a clear handle on what kinds of questions they should be answering and how they should measure to do so. This challenge relating to measuring privacy lines up with recent research I published on policy governance.

As demonstrated by the size of this year’s Privacy Summit, it is clear to see the privacy profession is growing. The questions and nuanced challenges privacy professionals raised during the week are further evidence of privacy’s maturation. Privacy professionals are searching for more metric-driven ways to represent their efforts and programs especially as they work with their business partners. The results of this search for more tangible things to measure is part of the growing pains of privacy that the industry must endure.

T Minus 7 days to Catalyst EU

I’ve been a bit quiet on Tuesdaynight lately… sorry – it has been a bit crazy around here lately.

At any rate, we are 7 days away from Burton Group Catalyst EU! In the 7+ years that I’ve been involved in one way shape or form with Burton Group, I’ve never been to a Catalyst EU – so I am very excited. For those of you joining us, you are in for a treat – John Seely Brown will delivering the keynote for us. Besides Mr. Brown, the IdPS team has got some great content waiting for you:

  • Bob will kick things off with a look to the future identity architecture
  • I’ll be talking about the IdM market as a whole
  • Lori and I will have a serious conversation with our dear friend – provisioning

Fun for the whole family…

For those of you not heading to Prague, follow the conversation on Twitter. We’ll be using the #cat10 for the conference and the identity conversation will be on #idps.

See you there either in person or virtually…