On Oct. 29, Ohio State welcomed Holly Drake into the newly created position of Chief Privacy Officer. Data privacy needs are increasingly far reaching, spanning the worlds of both regulation and data ethics. In this new role, Drake will have a dual reporting relationship to both Chief Information Security Officer in Enterprise Security Helen Patton and Gates Garrity-Rokous, Vice President and Chief Compliance Officer for the Office of University Compliance and Integrity.
In hiring Drake, Ohio State is pleased to have secured a seasoned privacy professional with proven experience building privacy programs in her two most recent professional roles at State Auto Insurance and Nationwide Insurance. An Ohio State alum, Drake was an obvious choice for helping Ohio State build its existing privacy activities into a more robust and comprehensive program.
“There are many privacy practices which can help Ohio State deliver its mission.” said Chief Information Security Officer Helen Patton. “We will work in tandem with the Chief Privacy Officer and with the Office of University Compliance and Integrity to ensure that privacy and security work together to enable university goals.”
In her 18 years as privacy professional, Holly Drake has successfully created privacy programs across a broad range of critical areas, including litigation and regulatory compliance. She has a proven record of accomplishment delivering risk mitigation using pragmatic approaches. She also has a technology background that gives her a unique insight into how information security best practices relate to privacy.
The focus on privacy has grown in recent years. For example, the EU launched one of the most comprehensive body of regulations so far when it enacted General Data Protection Regulation (GDPR) last spring. Not only does the university need to respond to government regulations to assure data privacy, but it also must be positioned to satisfy our stakeholder requests for definitive privacy practices.
Drake will work in Mount Hall, to ensure a close alignment with the Enterprise Security team as policies are developed and processes put in place. For more information on current privacy efforts, visit cybersecurity.osu.edu to learn about how we adhere to privacy regulations and read our interim policy outlining our current approach to GDPR.