So it turns out US tech legend Scott McNealy was wrong and we don't have to "get over privacy" after all.

Nearly 20 years after McNealy coined his now-infamous phrase, there's far-reaching legislation like the European Union's General Data Protection Regulation (GDPR) and mandatory information spillage reporting laws to protect consumer's privacy.

Despite this, the tech industry's still struggling to work out how to deal with this new reality.

Make no mistake, tightened privacy laws are profoundly changing the tech industry.


For instance, engineers at network infrastructure companies like Cisco now have privacy officers (CPOs) such as Michelle Dennedy to look over their work.

Dennedy was appointed two and half years ago, the first chief privacy officer at Cisco, the company that basically invented internet working in the mid-80s.

Before Dennedy, privacy was handled by a Cisco human resources staffer.

This clearly wasn't enough, not at a time when programmers talk about coding the GDPR into applications.

Implementing privacy at every level at a company that was funded on making access to data as easy and fast as possible is one of those rare occasions when you're allowed to use the hackneyed term "paradigm shift".

From now on, privacy considerations have to be built into organisational structures and for tech companies, the hardware and software they produce have to be re-engineered. Failure to do that will be punished by the authorities, fed up with companies' careless handling of sensitive data.

It's a massive undertaking and it'll make CPOs some of the most powerful people in any organisation. They will have a necessary say in every aspect of a business, and being a CPO could become the job to go for this year, as the role will be defined by the people filling it.

The big question many companies face is: what kind of person would make a good CPO?


Finding someone with the right mix of skills for a CPO role isn't going to be easy. The ones I've met have legal experience and expertise. A former lawyer with a tech bent is a good start, but business experience and financial acumen is needed, too.

One critical skill or qualification for a CPO is empathy, as in understanding why privacy matters for individuals - and what the damage can be when a data breach occurs.

The new privacy laws have created a new type of C-level executive, one that nobody foresaw even just a few years ago.

CPOs are very much a first-world thing though, along with the privacy laws they're trying to follow and implement.

For developing nations, the rush to re-engineer IT and business systems to encompass privacy is another massive hurdle to overcome. Poorer countries already struggle to retain talent, as was pointed out to me at the latest Apricot internet engineering conference in Kathmandu, Nepal.

Developing countries are worried that privacy regulations will become lopsided, weighted in favour of rich nations that can afford to implement the new laws, and train and hire CPOs who will command large salaries thanks to the rarity of their skills mix.

Enforcing national and international privacy regulations requires specific expertise and understanding of the mechanisms behind them. What if you can't find the people to do it, not for love or money, because they've understandably enough gone to work somewhere overseas?

This is a thorny issue that smaller developed nations like New Zealand will be hit by, when large multinationals start vacuuming up our English-speaking talent for what will be very rewarding jobs overseas.

That's something we can't afford to ignore if we want to continue to do business with the rest of the world; it's time to start training up our own army of CPOs or we'll lose out.

Juha Saarinen travelled to Cisco Live as a guest of Cisco.