How can security leaders build impactful partnerships with their chief privacy officer and/or chief data officer? What can they do to ensure effective ongoing collaboration on all things data?

CIO in Manufacturing, 10 months ago

By defining a methodology for developing processes with input from the subject matter experts (SMEs), you gain buy-in from the right areas of the company. Buy-in, consistent application of the processes, and mutual respect for each other's expertise will foster strong relationships.

In the specific case of Security leaders and Privacy Officers, data is digital and we need each other to make the right decisions. IT Security understands security as it applies to software/digital storage, and our Privacy Officer understands how to read and navigate the various pieces of contracts, agreements, or legislation to ensure we mesh and not collide.

CISO in Education, 10 months ago

When joining an organization, it's essential to identify key roles and build relationships with those individuals. For me, this means creating a Venn diagram of who I need to talk to, and chief privacy officers and legal teams are always at the top of that list. Building strong relationships often involves informal meetings, such as buying coffee or having lunches together. Although budgets might be tight, these interactions are crucial for fostering collaboration. Regular and purposeful meetings with privacy officers help ensure that we are aligned in defining policies and governing mechanisms.

Sr. Director of Enterprise Security in Software, 10 months ago

As privacy laws like GDPR become more prevalent, the role of the chief privacy officer has gained importance. Building impactful relationships with these officers involves understanding what data you have and the privacy aspects associated with it. This is especially important for those of us working globally, as it requires creating relationships not just within the US but also with counterparts in Europe and other regions. Effective partnerships are built by aligning objectives and maintaining open communication. Regular interactions, whether over lunch or coffee, help in understanding each other's challenges and finding ways to support one another. This mutual understanding is key to securing data and implementing necessary policies.

CISO, 10 months ago

I recommend setting up a security steering committee that includes the chief privacy officer, chief data officer (or CIO), HR, business units, and finance. This committee should discuss all relevant issues, whether they pertain to privacy, security, or risk. Involving all these stakeholders ensures that everyone is on the same page and supports the initiatives being discussed. This collective approach is particularly beneficial when it comes to securing budget approvals, as stakeholders are already aware of and invested in the projects. Maintaining a symbiotic relationship with roles like risk management, general counsel, and privacy officers is crucial. We all share the common goal of implementing the right risk controls, and these relationships need to be managed and kept current, especially in a global context. When I was a chief privacy officer, I focused on use consent and disclosure, while my security counterpart focused on data confidentiality. Together, these elements form the foundation of privacy laws.

Principal Advisor (RISK) in Government, 10 months ago

Simple: use a project management stakeholder engagement plan and register. It takes effort to populate and execute; however, the payoff is massive. If you are not prepared to put in the effort for partnership, then go and do something else. Replace RAST with your business unit below.

"Needs of RAST (What do we do that supports you?)"
"Wants from RAST (What would you want that you don't get from our team)"
"Expectations of RAST (training, advice, PESTLE scan)"
"Governance, Policies & Procedures (references)"
"Behavioural Expectations (your expectations of them)"

"Influence over RAST Projects & Individuals" Score from 1 to 4
"Attitude towards RAST Projects" Score from 1 to 4
"Perception of RAST Projects" Score from 1 to 4
"Relevance to RAST Projects" Score from 1 to 4
"Power over Projects and Individuals" Score from 1 to 4
"Legitimacy (mandate to impact activities)" Score from 1 to 4
"Urgency for RAST" Score from 1 to 4
"Total Score out of 28"
"Priority LOW (22)"

"Outcome to be achieved: Message(s) you need to send to the stakeholder"
"Method: How will you send the message?"
"Why have you chosen this outcome, message(s) and method? (Generally, relates to stakeholder needs, wants and expectations)"
"Who is responsible (for the management & engagement of this stakeholder?)"
