NIST began to explore these issues and found the idea of developing and recruiting a workforce that can properly manage privacy risk is a natural extension of what the agency is already doing with the Privacy Framework. Now, a new initiative launched by NIST aims to take that idea and turn it into tangible resources.
The NIST Privacy Workforce Public Working Group will gather individuals from the private and public sector, academia and civil society to create materials to help organizations develop a workforce that has the tools to address privacy risk.
"We knew that the benefits of using the Privacy Framework are enhanced when organizations have a sufficient pool of knowledgeable and skillful privacy professionals to draw from to build a workforce capable of managing privacy risk," said Gilbert. "We really wanted to make sure that we were helping to meet these stakeholder challenges by thinking about what it means to build a workforce capable of managing privacy risk."
The Working Group operates as a public forum for anyone who wishes to participate, and Gilbert estimates more than 500 people have already signed up. Gilbert operates as a co-chair of the Working Group, a title he shares with Discernable CEO Melanie Ensign, Esperion Therapeutics Director of Information Security and Privacy Mary Chaney, CIPP/US, and IAPP President and CEO J. Trevor Hughes, CIPP.
"I think the project is a very important undertaking," Chaney said. "The field of privacy is booming and it’s only going to continue to do so given the multitude of legislations coming out. We have, from a talent perspective, an opportunity to give people an idea of the types of characteristics, traits and skills they need to be successful."
Gilbert said NIST is drawing inspiration from the cybersecurity workforce framework developed by the National Initiative for Cybersecurity Education. The NICE workforce framework provided Task, Knowledge, and Skill Statements organizations could use as building blocks to help an organization meet its goals for a cybersecurity workforce.
The NIST Privacy Workforce Public Working Group's main objective will be to develop TKS statements to guide organizations as they build a workforce to manage privacy risk. The Working Group will consist of two teams. Each team will create a TKS statement based on one category from the NIST Privacy Framework.
“The Project Team assigned to one Privacy Framework Category will come together and work on creating the (TKS) statements associated with the outcomes and activities in that category," Gilbert said. "While they are doing that, there will be another Project Team in charge of a different Privacy Framework Category. We want to let the members of the public Working Group decide, as a group, on where we will begin in the Privacy Framework and how we will proceed through the Categories as we work on creating these TKS statements."
Once a team has crafted the TKS statement for a particular category, it will be dissolved, and a new one will form to tackle another area of the Privacy Framework. Starting May 12, 2021, the Working Group will meet every other week to discuss the progress that has been made. Gilbert said the meetings may also be a forum to discuss shifts in strategy or adjustments that may be needed to achieve optimal success.
Ensign, Gilbert and Chaney all expressed their enthusiasm for the Working Group to kick off the proceedings. Ensign in particular said the community engagement is the part of the initiative she's looking forward to the most.
"It’s something that NIST does very well. We saw this on the cybersecurity side, and they’ve continued the same process on the privacy side with getting community involvement," Ensign said. "It helps us in identifying blind spots. Even those of us who have been in the industry for nearly two decades have not seen everything there is to see. Having community participation helps us identify areas that we may not be aware of and helps us think more creatively about how these outcomes can be achieved."
Chaney is looking at the co-chair position as an opportunity to continue striving for the goals that have motivated her throughout her career.
"As a Black female, I feel like it’s important for us to take a more active thought leadership role in different things that impact our career," Chaney said. "As a leader and as a mentor in this space, that’s what drives me to do anything. How can I be of service to everyone? What drew me to put my hat into this space is the importance of the mission."
The Working Group will operate until it makes its way through each category of the Privacy Framework. Gilbert doesn't know how long that will ultimately take; however, time isn't the most important element of the initiative but rather creating resources for anyone who needs it.
It's a mission the co-chairs are ready to begin, and it comes at a time when they believe privacy professionals are in need of real help.
"One of the most common misconceptions about privacy work is that it can be accomplished effectively through a single lens or a single discipline," Ensign said. "There is no way with the current regulatory landscape and customer expectations that a single discipline is going to be able to do this on their own. It is a truly multidisciplinary effort, and in order for individuals to prepare for a career in this profession, as well as to give organizations a framework by which to think about how they structure and build privacy teams, this initiative is really focused on helping both of those groups understand what privacy work is, what tasks that need to be done, what specific outcomes that need to be achieved and the type of skills that are needed to have a really effective privacy program."
Photo by Jeremy Bishop on Unsplash
If you want to comment on this post, you need to login.