Regulatory Project Management Interviews: Managing Privacy

Is your privacy protected? How can you be sure? Protecting privacy is one of the great challenges in regulatory project management. As with any regulation, managing privacy obligations entails significant costs.



Today’s interview guest on Project Management Hacks is Amalia Steiu, PMP. She is the manager of Privacy Risk Awareness at the Royal Bank of Canada (RBC). With millions of clients around the world, RBC has substantial privacy responsibilities.

RBC Overview (source: RBC At A Glance, Q2 F2014)

  • RBC is Canada’s largest bank by market capitalization.
  • Over 70,000 employees
  • Over 16 million clients
  • RBC’s revenues come from North America (Canada: 63% and USA: 18%) and around the world (International: 19%)
  • RBC is a diverse financial services firm that earns 54% of its earnings from retail banking, 23% from Capital Markets and smaller amounts from insurance and other lines of business.

1. What are your favourite kinds of projects and why?

I like working on compliance projects because project management is new and fresh to that field. I also like that there are gray zones and ambiguity on compliance projects. In software projects, you can turn the application on and see what happens. In compliance, there is more ambiguity.

2. How did you get started in project management?

Back in the 1990s, I started by working on technology projects. Earlier in my career, I worked at GSK (GlaxoSmithKline), the global pharmaceutical firm. GSK has an outstanding project management culture – everyone spoke the same language.

Everyone was focused on quality because a low-quality pharmaceutical product can kill people. I also had the benefit of working with directors who deeply understand the project management discipline. At GSK, project management was a way to reduce cost while maintaining high quality standards.

3. What’s the largest project you’ve ever run?

I ran an IT project to transition over 500 people from Lotus Notes to Microsoft Outlook. The project was very challenging because email is a very important application. The project team only had six to eight weeks to complete the project. The project was delivered successfully!

4. What frustrates you the most on projects?

I have seen various communication challenges. For example, some people disagree about the meaning of “deliverable” in projects. In other cases, there seems to be limited understanding of process design, business analysis and the fundamentals of project management.

This problem can be resolved by having a better understanding of the fundamentals of project management. If you don’t know the ABCs, it is difficult to form sentences!

5. What did you study at university and how does that fit into your project management career?

I studied computer science in university because it was a growing and interesting field. My interest lay in systems, design and automation rather than software development. My early interest in systems and automation fits well into project management work.

6. In your work, what regulations have triggered the need for project work?

In the privacy world, the most important legislation is the Personal Information Protection and Electronic Documents Act (PIPEDA). In Europe, there are different privacy regulations and those impact firms that do business around the world.

Project work in privacy is also impacted by comments from regulatory agencies. For example, for Privacy, there is close scrutiny of the public facing websites run by the large Canadian banks. These websites must include privacy considerations deemed appropriate by regulators.

7. How do you plan for ongoing maintenance after a project has been completed?

In the context of privacy, there are two stakeholders to ongoing maintenance. The privacy office provides guidance and expertise on changes in the external environment. The rest of the firm also has an important role to play to ensure that privacy training is provided and adopted.

8. How does project sponsorship work in your environment?

Securing project sponsors is a significant problem. In many cases, large firms are reactive. If a bank is “named and shamed” by a regulatory agency, then project sponsorship becomes responsive. In my experience, whenever there are penalties and “teeth” in compliance, project sponsorship tends to be robust.

9. What is a common privacy mistake that you see?

The biggest problem is failing to include privacy in day-to-day decisions. Fortunately, the concept of “privacy by design” is helping. I also see problems that privacy practices lag behind technological innovation. For some people, privacy matters can be difficult to implement during routine, day-to-day activities.

The solution to many of these privacy struggles is to have strong privacy resources that are easy to access and simple enough to understand their applicability. Setting up a privacy office makes it easier for organizations to have one central point to obtain guidance.

10. How has project management at your organization evolved over the past five years?

There is a greater interest in project management broadly described. I also see an openness to applying new methodologies such as agile project management.

Managing the diversity of project management approaches can be challenging. There is an increased need for a project management office (PMO) to provide oversight to an organization’s projects.

11. Do you expect to see increases in privacy regulations?

Each country is steadily increasing its privacy expectations. In fact, Canada has an advantage in privacy right now. I have heard of some American firms thinking of setting up in Canada in order to serve the European market because Canada has a strong privacy reputation. I think that privacy regulation complexity and demand for compliance are only going to increase over time.

12. What resources do you use to stay informed on project management and related topics?

The Project Management Institute (PMI) has published great resources and I find those helpful. I find that there is not enough material about a practical implementation of project quality, for example.

In my career, working on project audits proved very educational. I had the opportunity to see a large number of projects and see what other project managers were doing. I would recommend project audit as a great way to learn.

13. What is your favourite business resource?

I read articles that are referenced on and materials published by ISACA (Information Systems Audit and Control Association) and IAPP (International Association of Privacy Professionals).

14. When somebody says project management to you, what’s the first thing that comes to mind?

Planning and staying organized.
