With the ever-changing technology landscape, evolving new privacy regulations – including a proposed data protection bill in India – and demanding customer contractual privacy obligations, privacy prowess is the need of the hour. New privacy laws and regulations require organizations to enforce privacy by design and by default across businesses, IT systems, networks, and applications.
These factors create a lot of opportunities for many businesses like privacy, information and cyber security, risk, legal and regulatory compliance and IT. Implementing a privacy program requires privacy professionals to work with business teams including support functions, software developers, systems and network engineers, application and database administrators and project managers to ensure data privacy in new and existing business and technology environments. and create security measures.
Privacy professionals are often classified into groups that include:
Legal / Compliance: Those who have knowledge of laws and regulations related to privacy that an enterprise must comply with
Technical: People with expertise in technology that can achieve privacy objectives
Techno-Legal: Those who are competent in both technical and legal aspects regarding confidentiality
Currently, the industry is short of technical privacy roles, and the demand for privacy professionals is only expected to increase over the next year. According to ISACA's recent Privacy in Practice 2022 survey report, 63 percent of global respondents expect an increasing demand for legal/compliance roles and 72 percent expect a higher demand for technical privacy roles.
The survey also found that global respondents cited top skill gaps among candidates as experience in various technologies and/or applications (65 percent), understanding the laws and regulations subject to which an enterprise (50 percent), frameworks Experience with and/or control (50 percent) and lack of technical experience (46 percent).
Along these lines, it is important for those pursuing a technical privacy career to develop skills in designing and implementing privacy by default, as well as by privacy induction, training, and awareness; Conducting Privacy Impact Assessments and Privacy Risk Assessments; Conducting confidentiality internal and supplier audits; and addressing privacy violations and managing incidents. Privacy professionals must be able to correctly interpret privacy rules, laws and regulations in technical requirements. Additionally, skills in information and cyber security, as well as soft skills such as communication and leadership, are important.
Privacy professionals should also have relevant experience in privacy governance, privacy architecture and data lifecycle. According to the Privacy in Practice 2022 survey findings, they are based on the EU's General Data Protection Regulation (GDPR), the US' California Consumer Privacy Act (CCPA), and India's upcoming data protection bill.
They should also be well-versed in privacy standards such as: ISO/IEC 27701:2019 Security Techniques—Extending to ISO/IEC 27001 and ISO/IEC 27002 for the Management of Privacy Information—Requirements and Guidelines, ISO/IEC 29100:2011 Information Technology - Security techniques - Privacy framework, & BS 10012: 2017 + A1: 2018 Data protection - Specification for personal information management systems.
Additionally, it is important for professionals to be familiar with privacy frameworks such as the NIST Privacy Framework, the Association of International Certified Professional Accountants (AICPA) Privacy Management Framework, the Organization for Economic Co-operation and Development, ISACA's COBIT (Control Objectives for Information). and related technologies) Framework, OneTrust Privacy Governance Framework and TrustArc-Nimity Privacy and Data Governance Accountability Framework. Professionals should also know their organization's own privacy framework, including its privacy policy, procedures and procedures, privacy notices, as well as its privacy code for customers, suppliers and business partners, and its customer contractual confidentiality obligations.
Training and certification is also an important component of qualification. It may take time for privacy teams to fill technical and legal privacy positions; The Privacy in Practice 2022 survey found that 22 percent of global respondents took three to six months to fill technical privacy positions, and 24 percent took the same amount of time to fill legal privacy roles. One of the reasons why the time taken to fill the positions is so long could be the lack of qualified applicants. When hiring new confidentiality employees, managers often look to a candidate's training and certification to validate their expertise. There are a number of technical privacy training and certifications available on the market that privacy professionals can consider taking in 2022, including ISACA's Certified Data Privacy Solutions Engineer (CDPSE), OneTrust Professional Certification and Certified Fellow of Privacy Technology, and IAPP's Certified Information Privacy professionals are involved. CIPP), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT).
Furthermore, understanding how to raise privacy education and awareness and how to build a strong privacy culture in one's organization is also part of a professional's overall competence. For those in technical privacy roles, cultivating knowledge and experience in privacy governance, frameworks, regulations, privacy by design, communication and leadership will be as important as ensuring they develop critical technical privacy skills.