Institutions create security regimes under the guise of protection, but these measures, even with the best intentions, can be problematic to execute due to competing logics, such as tensions between government regulations and institutional priorities. Data Protection Officers (DPOs) must navigate these conflicting logics, balancing data privacy with intuitional concerns. This article argues that DPOs can find power by identifying gaps between regulatory and institutional logics to form localized tactics to carry out their jobs in line with their own ethics and morals. By doing so, workers can reclaim power in the seemingly dominating power of security logics.

COVID-19 contributed to what we know about pandemic communications, typically framed through risk and crisis. Risk and crisis as frameworks are limited, however, and this article argues that there are differences between primary and secondary pandemic communications, illustrated in this study by the typically change-adverse law enforcement community (LEC) that during COVID-19 not only had to control risk but also had to change their course on other nonrisk and crisis communications practices.

In spring 2020, not only did the teleconferencing platform Zoom experience an onslaught of new users who were now social distancing due to the COVID-19 crisis, but it also faced its own crisis due to the privacy of its product. For those working in technical and professional communication, the Zoom example illustrates not only a way to communicate in an emergency but also a way that privacy can cause a crisis in the first place. Drawing from literature on crisis communication and the experiences users described in the Zoom CEO’s blog post, the author concludes that while Zoom did indeed have technical issues that contributed to its privacy crisis, users also experienced its technology in unexpected ways, and the company underestimated the privacy expectations of its new users. Zoom’s privacy crisis ultimately provides a useful discussion of why it is increasingly important for companies to incorporate privacy by design and to be frank about their privacy practices with a public who has a growing interest in, and dissatisfaction with, corporate privacy practices.