In the modern history of the privacy profession, the one constant dynamic has been the rapid development of new technologies that has reflexively created an industry that is in a perpetual state of innovation and growth. This growth has brought benefits to organizations and their customers, but has also presented challenges. Among those challenges, growing a skilled and knowledgeable privacy workforce has been a top priority. The National Institute of Standards and Technology is helping to address this issue with a Privacy Workforce Public Working Group, which launched in April 2021.

“Workforce development is a key stakeholder challenge,” NIST Privacy Policy Advisor Dylan Gilbert said. “As we looked to create descriptions of essential privacy tasks, knowledge and skills to help meet this challenge, the public Working Group idea presented itself as the best option to leverage the entire privacy community to lend their knowledge and experience to this process.”

The Privacy Workforce Public Working Group features approximately 750 privacy experts from across the commercial and public sectors, civil society and academia, he said. The group, which is co-chaired by Esperion Therapeutics Director of Information Security and Privacy Mary Chaney, CIPP/US, Discernable founder and CEO Melanie Ensign, IAPP President and CEO Trevor Hughes, CIPP, along with Gilbert, has been divided into multiple project teams. 

Each project team is responsible for creating task, knowledge and skill statements related to their specific categories within the NIST Privacy Framework. The ongoing project teams are tackling policies, processes and procedures and risk strategy development for the data processing ecosystem, and business environments.

“The goal here is to align tasks, knowledge and skills with the privacy risk management outcomes and activities in the Privacy Framework Core,” Gilbert said. “For the Privacy Workforce Public Working Group, they’re working to answer the ‘How’ question: How does my organization achieve the risk management outcomes it has prioritized? And when the work is done, we’ll have identified and documented the tasks, knowledge and skills required to achieve those outcomes.”

Gilbert said one of his main hopes to come out of the PWWG development process is the creation of a universal set baseline of knowledge and skills to bolster privacy risk management well into the future. He said the Privacy Framework is not just about ensuring there will be an adequate workforce to meet the compliance challenges for the evolving privacy regulatory ecosystem, but developing more universal understanding of privacy among professionals.

“Certainly, addressing compliance is going to be at the top of the mind for both organizations and privacy professions, but when we talk about workforce at NIST, it goes beyond compliance, it’s about effective risk management,” Gilbert said. “The PWPWG is helping to create a common understanding around privacy in the workplace and to facilitate the interdisciplinary coordination and collaboration needed for privacy risk management practices.”

There is still time for privacy professionals to participate in the PWPWG’s work, Gilbert said. Professionals with technical expertise are encouraged to join since the categories for system capabilities will be worked on next. On the Privacy Framework’s NIST webpage, it lists the active project team and how to subscribe to their email lists, which include links to participate in meetings.

“The PWWG is an ongoing process,” Gilbert said. “I strongly encourage any privacy professional to join our group and lend their expertise because this field offers a rapidly changing legal landscape and innovations in data processing. It’s a one-of-a-kind opportunity to shape the future of our profession.”