Privacy professionals and engineers are often tasked with the same goal: to protect personal information. Given that shared objective, why are there so many difficulties between IT and privacy teams?
That was the crux of the conversation Friday at the IAPP Privacy Academy and CSA Congress during the breakout session “Same Planet, Different Worlds: Getting IT and Privacy Teams to Work Together.”
“Privacy teams are good at saying what should be done, but it’s up to the engineers to do it,” said McAfee Director of Data Privacy Jonathan Fox, CIPP/US, CIPM. So communication between the two is essential, though challenging.
First off, privacy and IT teams speak different languages. GuruCul Solutions Chief Security and Strategy Officer Leslie Lambert, CIPP/US, CIPP/G, said it’s like the Tower of Babel: “What you often see is teams communicating past each other, in different directions, instead of with one another.”
Plus, Fox pointed … Continue reading “Getting privacy and IT departments on the same team”
Good cybersecurity means good info governance
Cybersecurity: the word conjures up images of software engineers in lab coats feverishly analyzing cryptographic code in an effort to thwart an attack from a country somewhere on the other side of the globe. Seemingly daily reports of major data breaches are now coupled with warnings about a cybersecurity “talent gap,” meaning that there is a critical shortage of the highly technical professionals in the workplace who are specialized in cybersecurity.
This is true. However, much of the work necessary to protect business data does not fall within the purview of the technical cyber-specialists. The foundation of any good information security program is good information governance. In short, before you secure your data, you have to know your data. You have to know what data you have, where you have it, why you have it and how you use it. This may seem like a seductively simple task, but often … Continue reading “Good cybersecurity means good info governance”
