Privacy & Security: A Team Effort
Partnerships have been behind some of the greatest tech success stories in history. Jobs and Wozniak, Gates and Allen, Brin and Page… Apple, Microsoft, and Google as well as companies founded by women entrepreneurs all have partnership stories at their core. Companies which have reimagined our world did so based on rare and powerful teamwork.
One of the greatest overlooked opportunities for creating lasting value in companies today is the partnership between IT and privacy professionals. Indeed, creating a future in which privacy and security thrive depends upon this alliance. Privacy and security and the impact on consumers and companies has reached a “point of urgency” as discussed at the recent EmTech Digital Conference.
Common Interests for IT & Privacy Pros
Both IT and privacy professionals have aligned interests. Protecting customer and company data is paramount. Both share a vision around information governance, and both deal with issues such as data strategy, vendor management, analytics and Big Data, cybersecurity, and legal and regulatory compliance.
Information governance is a particularly high-profile issue for companies now. According to early results from Concept Searching’s 2015 SharePoint and Office 365 Metadata survey, information governance “has become a high priority for 20% of respondents, with 25% actively improving information governance, and 26% planning to focus on it within the next twelve months.”
Martin Garland, president of Concept Searching reports: “Organizations are realizing that information governance as it applies to unstructured content is now a high priority, because it is closely tied to achieving business objectives.”
Privacy is also a growing concern for IT professionals. A study by Dimensional Research finds that “93 percent of businesses are challenged by data privacy” and “84 percent of IT professionals reported that their focus on data privacy was escalating in 2015.” Some of the greatest challenges within organizations included employee awareness of privacy policies, no processes in place to train employees on privacy practices, and a lack of IT department knowledge about privacy laws and requirements.
These challenges are commonplace for a number of reasons. Chief among them is organizational structure. Privacy is typically centered in the legal department with security teams working within the IT or compliance department. Personality conflicts and differences in communication styles are also formidable challenges from a company culture perspective. Fortunately, a bridge can (and should!) be built between these worlds.
How to Build Bridges Between Privacy & IT Professionals
Here are a few tips for helping privacy and IT teams collaborate:
1. Elevate team visibility
Integration requires visibility. For people to work together effectively, they have to know one another. Forming cross-functional working groups and giving presentations on roles and responsibilities can help teams build relationships and teach one another what they know.
Extend this beyond your own organization. Look for opportunities to network with other privacy and security professionals. There are groups and conferences out there centered on this cause – where business, tech, security and privacy groups can join forces and share best practices. Women in Security and Privacy, Privacy Innovations and Technology, the Privacy Identity Innovations Conference, Facebook’s Privacy @Scale and TRUSTe’s IoT Summit are just a few.
2. Learn each other’s language
True collaboration requires clear communication. Privacy and IT professionals often share overlapping concerns, but terminology can vary. In IT departments, language is often technical, where privacy professionals may skew towards the legalese end of the spectrum.
In addition to language, there are also crucial differences in perspectives. While priorities may be similar, it’s important to understand the lens through which teams view their challenges and priorities.
CIPP exams and materials for privacy professionals and attorneys can help explain jurisdictional laws, regulations, enforcement models, and rules and standards. They can also help with essential privacy concepts and principals as well as legal requirements for handling and transferring data.
CIPT for IT professionals focuses on the “how” of privacy and technology. Some essential concepts are covered in CIPT, including how to bake privacy into early stages of IT products and services for cost control, accuracy and speed-to-market, how to factor privacy into data classification and emerging tech such as cloud computing, facial recognition and surveillance, and how to communicate privacy issues with partners such as management, development, marketing and legal.
Consider mixing it up and taking the CIPP coursework if you are an IT professional and the CIPT if you are a privacy professional. By expanding your knowledge of the complementary field in the data protection space, you will enhance your effectiveness in your own role.
3. Actively collaborate
Assume good faith from the outset and work together rather allowing yourself to be competitive or guarded. There are surely company initiatives which have both privacy and security implications, and it makes sense not to remain siloed. Incident management, awareness and training, and privacy and security by design programs are all good examples where teams can work together.
Collaboration is also essential when it comes to making the business case for privacy and security. This includes bringing these considerations to the attention of the Board of Directors and company executives, especially in terms of the impact on customer trust and corporate liability. Aligning efforts here can also have extremely favorable outcomes on securing the resources your teams need from the company budget.
Ralph Waldo Emerson once said “No member of a crew is praised for the rugged individuality of his rowing.”
How are you already working with your counterparts in security and privacy? What works, and what isn’t working? What suggestions do you have based on your experiences? Share your thoughts in the comments!
#PrivacyInnovationsandTechnology #CIPT #security #PrivacyScale #ITprofessional #privacy #PrivacyIdentityInnovationConference #TRUSTeIoTSummit #CIPP #privacyprofessional #EmTechDigitalConference #WomeninSecurityandPrivacy