Talking privacy with Unilever's Steve Wright

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

Steve Wright is Global Privacy Officer atconsumer goods giant

Unilever

, owner of global brands like Dove and Ben & Jerry's. More than 2 billion consumers worldwide use a Unilever product on any given day.

Steve is keynoting at

Cyber Security Expo on Thursday 09 October

and will be discussing the challenge of meeting both privacy and marketing demands. We met him to briefly to learn more about his role.

You have quite an unusual job title in the world of cyber security. How did it come about?

I got involved in privacy about five years ago through a project at

PwC

. My background in IT security probably helped contextualise it. After all, security is concerned with how data is accessed and how it remains confidential. It’s all about control, putting safeguards in place to minimise the risk of data falling into the wrong hands.

Privacy is also concerned with that but also with the

use

of the data: consent, retention, archiving - the whole data lifecycle management process. Privacy sits right in there as the main protocol. There are now 120 laws globally relating to privacy. Privacy and data protection is taking business by storm. From my perspective, I’m concerned about the use of the data and ensure it’s not leaking via an APT, for example.

Register for Cyber Security EXPO 8-9 October 2014, London ExCel

The challenge at Unilever is to remove silos and data blind spots. Security and privacy has got to be done holistically. We have to be transparent with our customers on how we deal with their data. We spend billions on marketing and that can be completely undone by a data breach.
What can other security professionals learn from your role?
It’s absolutely critical that the CISOs of tomorrow understand data usage and legally fulfill the data privacy requirements of the countries they operate in. I've learned an awful lot from understanding this responsibility perspective, when my responsibilities start and end and when my infosec colleges reasons start and end. Requirements for privacy in Europe are the most stringent in the world. In Asia we have had 11 new pieces of privacy legislation in recent years, so we have to really think about how we operate in those markets. We have to really decide who is responsible, it’s not just an IT problem.
Why do consumers tend to trust corporations with their personal data more so than governments or government agencies?
A commercial organisation has more accountability, it’s got shareholders, it’s got employees. But government is so big, so stuck in its ways, it doesn't understand the commercial value of data.
Is big data, just big hype, or a valuable tool both for security and customer research. Unfortunately the term is a bit misleading because its always been big. It’s how we manipulate, how we analyse and interrogate data which has come on leaps and bounds, in the last few years. It should be called the “big ability to analyze data” perhaps. Data is now so much more accessible, from so many points. Before you had to be directly on a system to access data, now in the age of cloud, web and mobile it’s truly open - but that of course makes it more vulnerable.
Do you believe security is a business enabler or will continue simply to be a necessary “evil”?
I still see myself as a security professional, but we’ve still got a job to do to take away the urge to say “no”. Maybe a bit of marketing campaign like, “the bank that likes to say yes...”. We do have a very negative image - rightly so. But we’ve moved and evolved as security professionals and we should now be seen as business partners, helping the business do what it need to do in this very difficult and volatile trading environments.
Unilever is still growing in key categories and markets. Some of those markets are slowing and we’ve got increased competition. The continuation of geopolitical tensions and challenges will have an impact on our business. I need to understand those challenges, what is going to secure long term success for us. Which is why analytics is massive for us in India and Africa, we make sure our policies are empowering the business, and compliant with local laws. And keep intact the trust between us and our customers. Trust and security go hand in hand.


Topics