James Thew - Fotolia
Some enterprises are using "privacy professionals" -- from chief privacy officers to privacy consultants -- to work with their information security and IT teams to better manage the privacy implications of data security. Can you explain what privacy professionals are and how they can help strengthen enterprise security?
Data privacy has become a key issue for enterprises over the last 15 years. The E-Government Act of 2002 mandates a privacy impact assessment of any substantially revised or new information technology system in the protection of personal information contained in government records and systems. GLBA, HIPAA, HITECH Act and Sarbanes-Oxley also have a host of regulations to safeguard the security and privacy of electronic protected health information, Personally identifiable information and financial data. Although a chief privacy officer is not required in all of these regulations, corporations find it necessary to establish the CPO function to identify, locate and protect corporate and personal data. The question is how that protection is implemented.
The job of the CPO is to:
- Identify and understand legal requirements regarding privacy from laws, regulations and contract agreements
- Check whether personal data is correctly managed in respect to these requirements
- Review corporate privacy policies to ensure they cover applicable privacy laws and regulations
- Verify the correct security measures are adopted and implemented across the organization
Information security professionals are often more technical than business-focused, so working with chief privacy officers or privacy consultants ensures proper controls are deployed to protect corporate data. To augment this effort, the corporation should also have a data classification scheme to identify the most crucial data and an IT risk assessment based on that scheme. A close alliance between privacy and information security strengthens the ethos and balance of asset protection.
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
Check out this job snapshot of a chief privacy officer.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ... Continue Reading