Addressing privacy workforce challenges

By Abhishek Tiwari, CDPSE, Member of the ISACA Emerging Trends Working Group, and Manager, KPMG India and Shashank Shekhar Pandey, Consultant, KPMG India 

Privacy is an ever-evolving field, and that is also reflected in the workforce needed to support effective
privacy in organisations. The demand for both technical and legal/compliance privacy positions
worldwide is high, given the current technology-related advancements and privacy regulatory landscape
that organisations operate in.

Data privacy professionals require a basic and working understanding of systems, technology, sectoral
understanding of the business, and last but not least, regulations. Organisations require candidates for
privacy roles to be innovative and out-of-the-box thinkers. They should have the key skills of the problem–
solving and adapting quickly to the working environment. This problem-solving approach becomes
especially important when it comes to translating complex legal requirements to business needs while
utilising the existing infrastructure of the organisations to be able to blend those action items seamlessly
into business as usual.

However, there are challenges that organisations face in finding suitable candidates for their privacy
roles. In ISACA’s recent Privacy in Practice 2024 survey report, respondents indicate that experience with different types of technologies and/or applications, experience with frameworks and/or controls, and technical expertise are the top three areas where they see the biggest skill gaps in today’s privacy professionals. Additionally, a lack of clarity concerning open privacy positions along with an understanding of the relevant skillsets required to do the job effectively can be major roadblocks.

Privacy as a job profile is very dynamic, and one size does not fit all. As privacy overlaps with other domains, we may find people with multiple skill sets in the domain of privacy, such as technologists, lawyers, and data analysts. However, they may not be exactly suitable for the position, an organisation is aiming to hire for. Organisations and hiring teams must be clear about the job description, certifications, and relevant experience required for their roles. Organisations should also aim to look for someone capable of conducting end-to-end operations in their specialised domain, such as assessments, inventorisation, advisory, and audits.

Organisations can ascertain the candidate requirements and then move ahead for discussion and finalisation of candidature. If they cannot find the right candidate, organisations may also consider training existing employees to move into privacy roles; ISACA’s Privacy in Practice survey report found that 50 percent of global respondents have done just that.

The dynamic nature of privacy and its growth, both horizontally and vertically, pose a definitive challenge for the teams handling privacy for different organisations.

The solution is to remain updated with the following:
– Trends in the market
– Common concerns that may be sector-specific or domain-specific
– Technological advancements (emerging technology) and regulatory frameworks (existing and
emerging) in terms of usage and applicability to one’s organisation
– Vulnerabilities and exposures in existing technology and regulatory frameworks

To nurture and strengthen their privacy teams, organisations should focus on regular training of privacy
team members and enable them to attend industry-based events both domestically and abroad to discuss and understand issues and solutions and learn about different approaches. Apart from focusing on their training and industry interactions, it is also recommended that they be encouraged to obtain certifications and keep upskilling while at work. This won’t just add to their skillset, but also to the organisation’s privacy capabilities.

Privacy professionals also need to stay focused on their professional growth outside of what their organisation offers. We all get a bit rusty when we stop practicing the skills we have acquired; privacy pros should be proactive and keep working on the skills they have acquired over time to tools and processes. They should keep an eye out for how to make processes leaner and automation effective at their organisations. Professionals should always be aware of the value they bring to the table and be able to back that up with their performance.

Being updated with current privacy trends and the regulatory landscape, clearly identifying privacy workforce needs being open to new options for meeting them, investing in training and workforce development, and building a culture of continuous improvement are all vital. By committing to these approaches, an organisation will have an invincible privacy team.

Note: The views and opinions expressed are those of the authors in their personal capacity and do not necessarily reflect the official policy or position of any organisation.

ITprivacytechnology
Comments (0)
Add Comment