Data privacy and information security are both critical components of building customer trust for organizations. Privacy protects our personal data and empowers us to control its use, while security shields information against unauthorized access and threats. Balancing these needs is key, like finding the sweet spot between convenience and robust protection.
In the face of challenges posed by emerging technologies, evolving regulations and the escalating volume of data, privacy and security teams often find themselves stretched thin. To address these issues effectively, enterprise leaders can better leverage the intersections between privacy and security disciplines. By doing so, they not only enhance performance in both areas but also strengthen their overall approach to safeguarding sensitive information. It is crucial for leaders to actively seek connection points between these disciplines, fostering collaboration and ensuring a holistic approach to data protection.
Transparency and trust are vital foundations; organizations must be clear about data practices, while individuals can strengthen their defenses through safe online habits. The connection between security and privacy are evident in ISACA’s recently released Privacy in Practice 2024 survey. According to the survey, data breaches rank among the top three privacy program failures alongside inadequate training and lack of privacy by design. Failing to secure customer data can lead to severe consequences that may lead to privacy violations for affected customers. This in turn, may also expose organizations to regulatory peril and possible long-lasting reputational damage.
Still, the distinctions between privacy and security can often be muddled. Vice Vicente addressed the distinctions well in an AuditBoard blog post, writing “privacy-relevant information usually ties back to a human being. Meanwhile, under security, you might have sensitive data that has to do with a company’s metrics or strategy. Although company information is sensitive, it does not necessarily have an impact on the privacy of the individual, their identity, or their data.”
While there are distinctions between security and privacy, fostering initiative-taking, intentional collaboration between the teams can yield better results for both disciplines.”
Information security encompasses additional imperatives, including data recovery and managing incident response repercussions. In contrast, privacy teams spend substantial time addressing legal and compliance mandates, especially in the context of evolving privacy regulations.
While there are distinctions between security and privacy, fostering initiative-taking, intentional collaboration between the teams can yield better results for both disciplines. Sharing a detailed data inventory is one example. Providing a clear understanding of what data is collected and maintained by the enterprise is crucial for both privacy and security functions, particularly in handling personally identifiable information. There also are technical areas in which security teams can leverage sound privacy protocols. According to the ISACA Privacy in Practice survey, for those whose organizations embrace privacy by design, half or more use more privacy controls than are legally required, leading to cryptographic protection (59%), data minimization and retention controls (54 percent) and improved data quality and integrity (50%). These methods can make the job of security professionals more straightforward and achievable.
Ongoing collaboration between privacy and security professionals is especially key in executing enterprise projects and initiatives. That is why both functions should be represented on a cross-functional taskforce (for enterprises large enough to have dedicated security and privacy functions). By having representatives from privacy, security and related digital trust fields represented, the organization can drive toward holistic approaches to leveraging technology effectively, responsibly and ethically, while also keeping key compliance considerations top-of-mind for all stakeholders. Cross-functional taskforces play a pivotal role ensuring that security and privacy are considerations are integrated from the outset of projects and product development, minimizing the risk of costly recalibrations or remediations in later stages.
Although cybersecurity has been a hot-button issue and dominated discussions among enterprise leaders for nearly a decade, the imperative to prioritize data privacy has gained momentum in recent years, particularly with the introduction of regulations like GDPR and similar regulatory requirements taking root across the globe. While security and privacy interests share some overlap on the Venn diagram, there are distinctions that call for practitioners with specialized expertise. Collaboration between security and privacy professionals can significantly enhance the impact of their work by fostering a connection between functions and moving away from siloed approaches. Joining forces on comprehensive data inventories, developing a shared understanding of necessary actions needed to protect critical data and committing to an ongoing knowledge exchange will allow security and privacy professionals to navigate their increasingly challenging roles with greater efficiency and effectiveness.
Ultimately, a proactive and collaborative approach, involving everyone from security to privacy to IT teams to users, is crucial to forging a secure and privacy-conscious digital future.
Pam Nigro is the Vice President of Security and Security Officer at Medecision. She also is an ISACA Board Director and was the 2022-23 ISACA Board Chair. Image courtesy of Nigro
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!
ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.
ON DEMAND: Explore the latest developments in digital forensics with an in-depth look at FTK 8.
Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.