Making Privacy a Priority for Digital Enterprises


“I used to say that Privacy was Cinderella while infosec and risk management were the famous stepsisters. Not anymore!” - Amalia Barthel

Now more than ever, the issue of privacy is a major concern for any enterprise, and with online data breaches frequently making headlines, the subject is particularly important for those operating in the digital world today.

“I used to say that Privacy was Cinderella while infosec and risk management were the famous stepsisters. Not anymore!” says U of T School of Continuing Studies (SCS) instructor Amalia Barthel. 

“The amount of personal data breaches everywhere, impacting people's credit scores and their digital identification, plus a number of regulators passing strict requirements for mandatory data breach notifications brought privacy to the forefront.”   

It is essential for online businesses to get ahead of potentially devastating privacy issues. That’s where Barthel and fellow instructor Constantine Karnaliotis come in. The pair teach Developing a Privacy Management Program in the Digital Enterprise, the third course in the SCS certificate in Privacy Management in the Digital Enterprise. Barthel finds that learners working to earn their certificate are eager to take a practical approach to privacy, one that can be applied wherever they are in the world. 

“We keep it real, our students have their feet on the ground all the time, they are solving business problems while weaving in Privacy by Design and concepts related to data subject rights.”

This approach helps prepare learners to become internal ambassadors for privacy management, giving them a 360 degree view of personal data and information processing in a business context. The courses are designed so that learners from any industry and anyone new to the realm of personal data protection can benefit and be successfully “promoted” on to their next course to look at privacy issues from a new vantage point. 

“Anyone can be successful in our courses,” says Barthel. “They learn a lot, there is a lot of reading and self study rewarded with very challenging assignments and in the end .....they get promoted! So they can now make decisions with the knowledge they accumulated previously!”

Amalia is an Independent Privacy and GRC Advisor working with clients to support them in understanding IT, information security and privacy risks. She has started her career in IT prior to Y2K and evolved it into the realm of information security, privacy, audit, risk management, compliance and governance. Her industry expertise spans from pharma, financial, insurance and telecom industry  through to various levels of government.  Amalia has developed and delivered enterprise learning programs for project management, privacy and security for adult learners and is a frequent speaker at various conferences and symposiums. Prior to becoming an Independent Advisor, Amalia worked within IT and Compliance departments managing IT change control in the context of mergers, transformations, strategic risk management and compliance issues, conducting IT controls and privacy audits and providing management with dashboard reporting on compliance. Amalia is active on various boards, such as PMI Southern Ontario Chapter (past Director of the Board) , the IAPP Canadian Advisory Board, Executive Director for the KnowledgeFlow Foundation and she is a collaborator of ISACA and the ISACA Toronto Chapter. Part of Amalia's mandate on these boards is to create and deliver educational programs for the community to support an ongoing understanding and awareness of cyber and privacy risks, in particular for youth and seniors.