Published: March 2018
Privacy is hot. Security knows the feeling.
Much as the move to digital products and services necessitated a new profession of information security, so too has the move to personalized products and services created a new profession of privacy professionals.
However, while the two professions often work together, they have long worked differently. Security has traditionally worked in binary states: access or no access. Privacy has traditionally worked along a spectrum that’s context dependent. Is it personal data? Well, that depends.
Privacy has largely been a matter of law and policy. Security has largely been a matter of technology and policy. Now, that’s all changing.
With the European Union’s General Data Protection Regulation, and other more stringent pieces of privacy regulation coming into force the world over, “adequate security” is now mandated by law. And with these complex pieces of legislation has now come a class of technologies to help privacy teams understand and comply with them operationally.
Increasingly, this means the professional lives of information security and privacy professionals are overlapping, captured perhaps in the European idea of “data protection.” It’s clear these two classes of professionals need better ways to work together, better methods of communication, and common tools.
Thus, the IAPP and OneTrust have undertaken the task of mapping the most common security operations standard, ISO’s 27001, to the world’s most influential piece of privacy legislation, the GDPR, so as to create a framework for understanding just how closely they align and how much of the work toward GDPR compliance that security has likely already done.
With this research project, we have identified six main areas of common ground that should help every organization align their security and privacy operations in a way that will create efficiencies and, hopefully, reduce the risk of a damaging incident while increasing productivity and customer trust.
We hope you find it useful and worthwhile.