Several companies have a data privacy team that is understaffed and lacks proficiency, according to an ISACA survey
Fines and lawsuits over privacy violations have filled newspaper columns for far too long. With the advent of the European Union’s General Data Protection Regulation (GDPR) and the CPRA, which amends the California Consumer Privacy Act (CCPA), a sense of urgency looms over C-suite executives. Because brands are susceptible to reputational damage when they put customer data at risk, several organizations now have a privacy team. Yet experts question these teams’ capabilities.
In ISACA’s ‘Privacy in Practice 2021’ survey, 77 percent of respondents claimed that their board of directors prioritizes privacy. Though several enterprises are confident about their privacy measures and believe that they comply with the new privacy laws, the number of privacy breaches has not decreased in the last 12 months.
Brands need a near-zero turnaround time (TAT) on detection, and they need the technical skills to eliminate threats in the digital and AI sphere. In an exclusive with ITSecurityWire, CISO Matt Stamper of EVOTEK states that “Privacy practitioners must stay current. Practitioners need to understand changing technology stacks, the pervasive use of algorithms used in consumer-oriented applications, cross-border data flows, and of course, cloud computing.”
Following high-profile privacy failures, brands are frantically looking to bring highly skilled professionals into their data privacy teams. Professionals who can work on a level with legal and database administration departments and who can assess privacy needs are at the top of their list. “This specialization and domain knowledge takes time to acquire – in many ways, this dynamic is not that dissimilar to what we’ve seen with respect to cybersecurity,” adds Stamper.
The survey also addresses the common causes of privacy failures, which include a lack of training or inadequate training, failure to perform a risk analysis, and bad or nonexistent detection of personal information. Seventy-seven percent of respondents report that using privacy controls, including encryption, is one of the most efficient methods to overcome privacy breaches.
Forty-seven percent responded that, in response to the understaffing, hiring managers have been training non-privacy staff. Ninety-two percent of respondents on company privacy teams started their careers in IT or security.
On the other hand, data privacy became a matter of dire importance only once laws surfaced to support customer privacy. Talking about the early privacy trends, Stamper remarks, “Until recently, privacy programs were really not programs at all, and the limited privacy staff at many companies reflected that. Grossly exaggerated, an organization’s legal staff would draft a privacy notice for the organization’s website and occasionally validate compliance with regulations such as HIPAA-HITECH and the GLBA.”
While increased demand for technical data privacy experts is expected, a mere privacy design setup will not help customer acquisition. The work-from-home (WFH) culture has also expanded the target region, making data protection programs and an in-house privacy team a more significant challenge. Brands have a crucial task at hand, especially now that digital communication has crossed the horizon.