Alumna promotes privacy and information security at Penn State

UNIVERSITY PARK, Pa. — For Holly Swires, chief privacy officer (CPO) and assistant chief information security officer (CISO) at Penn State, her interest in information security and privacy came later in her career. Swires initially earned a bachelor’s degree in criminal justice from Penn State in 2005 and gained experience as a victims’ advocate, providing an array of social services to individuals who had experienced sexual assault and domestic violence.

“I was always very-people centric and felt a high degree of gratification listening and helping people be their best self,” she said. “I started my first career working for a partial hospitalization program as a group therapist, providing mental health services, mostly counseling, to program participants.”

While she enjoyed the human interaction in that role, and the impact she was able to make for the individuals she worked with, she found herself drawn to regulatory compliance and researching laws and regulations. That led her to a position as an integrated security specialist at the University’s Applied Research Laboratory.

“That was my first exposure to security,” said Swires. “I was responsible for developing and implementing policies and procedures pertaining to security and overall compliance, required for varying research-related contracts.”

She later started a position at Penn State as the privacy coordinator working for the CPO, and eventually ended up stepping into that privacy officer role when the position became vacant. Then, in 2015, an executive decision was made to separate information security from the University’s central IT department. Swires was asked to serve as the interim assistant CISO and help restructure and lead the Office of Information Security (OIS). After two years, the Privacy Office transitioned into OIS, and Swires was formally appointed as chief privacy officer in 2017 with a dual role as the assistant CISO.

In her dual roles, Swires’ responsibilities include creating a culture of privacy and leading Penn State in achieving and continuously promoting compliance with varying regulations and internal policies pertaining to privacy, information security and other related programs.

“Some of these programs include PCI-DSS, GLBA, HIPAA, GDPR, risk assessments, third-party risk management, and research consulting/engagements pertaining to regulated data,” she said. “My primary focus is the development and implementation of a University-wide privacy program.”

Upon completing her bachelor’s degree and devoting a lot of time to building a privacy program for Penn State, she decided to enroll in Penn State World Campus to earn her master of professional studies in enterprise architecture and business transformation, which she completed in December. She says that completing her master’s has always been a long-time goal and she needed to find out what her core passions were to develop her future.

“Understanding my passion for privacy and information security compliance, this program made a lot of sense for me because it focuses on strategy and business components that are very pertinent to a role like mine,” she said.

To Swires, World Campus has been beneficial in many ways. She’s learned to focus on the future state and that all-encompassing view, which is very important in the privacy profession. With a variety of data privacy laws and regulations continuing to surface within the U.S. and internationally, building a privacy program at the University that is forward-thinking and futuristic is crucial.

“It would be very challenging for my team and I to build a new program or update it every time a new law or regulation comes into play for Penn State,” she said. “The importance is really building something that is sustainable for an environment that is constantly evolving and will continue to for some time.”

Swires is also the chair of the Penn State Privacy Council, a diverse group of community stakeholders across Penn State that serves as a sounding body to Swires’ team’s endeavors to implement, monitor and continuously improve the University’s privacy program and other privacy-driven requirements.

“To me, the University Privacy Council is one of my biggest successes as CPO, and that’s really due to the amount of support I receive from its members,” she said. “The Council members are truly interested and engaged in the work my team and I are doing to progress data privacy for Penn State."

Last year, Swires volunteered to impart her knowledge and experience on College of IST students as part of an information technology panel, where Penn State IT specialists in various domains gave attendees a glimpse into different career paths. She felt that it’s extremely valuable for students to know what opportunities may be available to them after graduation—especially ones they may not be aware of.

“Though the privacy profession is still steadily growing, particularly in the higher education community, new areas within the field of privacy which are more technical continue to gain traction, such as privacy engineers and analysts,” she said. “With all the new data privacy laws and regulations, this profession is in very high demand and will continue to be.”

Visit the Penn State World Campus website for more information on the master of professional studies in enterprise architecture and business transformation program.

Learn more about Swires' work in Penn State's Privacy Office and how Penn Staters can protect their privacy in this Data Privacy Day article on Penn State News.