With the ever-changing technology landscape, evolving newer privacy regulations—including a proposed Data Protection Bill in India—and demanding customer contractual privacy obligations, privacy skills are the need of the hour. Newer privacy laws and regulations require organisations to implement privacy by design and by default into the business, IT systems, networks and applications.
These factors create plenty of opportunities for many professions such as privacy, information and cybersecurity, risk, legal and regulatory compliance and IT. Implementing a privacy program requires privacy professionals to work with business teams including support functions, software developers, system and network engineers, application and database administrators, and project managers to build data privacy and protection measures into new and existing business and technology environments.
Privacy professionals are often classified into groups including:
- Legal / compliance: those who have a knowledge of the laws and regulations around privacy with which an enterprise must comply
- Technical: people with an expertise in the technology that can achieve privacy objectives
- Techno-legal: those who are competent in both technical and legal aspects with respect to privacy
Currently, the industry is understaffed in technical privacy roles, and the demand for privacy professionals is only expected to increase over the next year. According to ISACA’s recent Privacy in Practice 2022 survey report, 63 per cent of global respondents anticipate increased demand for legal/compliance roles and 72 per cent expect more demand for technical privacy roles.
The survey also found that global respondents cite the top skills gaps in candidates as experience with different technologies and/or applications (65 per cent), understanding the laws and regulations to which an enterprise is subject (50 per cent), experience with frameworks and/or controls (50 per cent) and lack of technical experience (46 per cent).
Along these lines, it is important for those pursuing a technical privacy career to develop skills in implementing privacy by design and privacy by default, as well as in privacy induction, training and awareness; doing privacy impact assessments and privacy risk assessments; conducting privacy internal and supplier audits; and addressing privacy breaches and managing incidents. Privacy professionals should also be able to correctly interpret privacy rules, laws, and regulations into technical requirements. Additionally, skills in information and cybersecurity, as well as soft skills such as communication and leadership are important.