Data Protection Officer, Bank of England
The embodiment of privacy and information security compliance (and best practice) must be about making our industry do better to help coordinate, consolidate and respond to emerging cyber threats and privacy risks across our organisations. How and where this could be achieved in a more effective and efficient way should be considered at this critical time of making GDPR operational. Promotion of data ownership and data accountability is now taking place under GDPR, and we should therefore utilise this opportunity to mature our functions and capabilities and help our customers, consumers, staff and shareholders feel assured that we have this under control.
Steve has been working in technology, risk, data security and data privacy for over 20 years now. His background experience in designing, developing, managing and delivering or turning projects into operational structures, including the governance, privacy and security programmes necessary to maintain a good posture, is solid and focused. His style as a pragmatic and charismatic leader ideally places him as the ‘trusted advisor’ to the Board on all matters relating to privacy and security risk.
Steve is also a published author, a non-exec director and is regularly invited to speak at industry events, trade associations and thought leadership working groups. He is constantly working towards finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors.
Steve believes that cyber security and privacy must come together as they share common objectives, legal obligations and principles, and therefore require the same or common satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘digital trust and assurance programmes’ based on the fundamental principles of transparency, trust, accountability, protection, integrity, confidentiality and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime.
This is where Steve’s role as Data Privacy & Information Security Officer at John Lewis PLC is particularly relevant, because John Lewis PLC’s digital ambition will create greater functionality, connectivity and personalisation. Steve’s role is to work collaboratively and integrally with the business, to help steer and shape the digital conversation and leverage the power of data analytics, while also ensuring that the business remains compliant with laws around the world but still competitive, and acts in a moral and ethical way in relation to the rights of the individual. The role is therefore independent of IT or Operating Divisions.
His role as Trusted Privacy & InfoSec Advisor (plus the Data Protection Officer) is essentially about making John Lewis PLC’s digital strategy a reality. This work involves proactively communicating with Data Protection Authorities from Europe and around the world and regularly training lawyers, marketers, HR and R&D personnel to ensure that they understand and know their responsibilities.