January 28, 2013 - ISACA, a nonprofit association, marked Data Privacy Day with the announcement of a global task force on data privacy that will address the needs of businesses and government organizations worldwide.
The Privacy Advisory Task Force will drive research, guidance and advocacy, and will help IT security, risk, governance and assurance professionals use the COBIT framework to manage the rapidly growing issues related to the use of information online.
Compromised data can be costly, averaging $5.5 million per organization, according to the seventh annual Ponemon Cost of a Data Breach report. Enterprises also face rising regulatory pressures. In the US, potential changes include the proposed APPS Act, which would obligate mobile application developers to be more transparent about the use of personal data; the Federal Trade Commission's adoption of amendments to the Children's Online Privacy Protection Rule (COPPA); and the long-awaited final omnibus rule on HIPAA from Health & Human Services, which expands liability for businesses (and their subcontractors). Organizations conducting business in Europe face the proposed EU General Data Protection Regulation, a sweeping plan to standardize privacy requirements across all EU countries.
ISACA analysis shows that these challenges are amplified for multinational companies by the absence of global standards and the rise of mobile devices and cloud computing, which make it easy for data to travel across borders. Yet ISACA’s 2012 IT Risk/Reward Barometer revealed that only 16 percent of organizations forbid cross-border travel with company data on mobile devices.
“The current debate about data privacy is just the tip of the iceberg. As technologies like Big Data and mobile devices keep making it easier to offer better customer service and online access, enterprises will experience growing pressure to collect and share private information,” said Jeff Spivey, CRISC, CPP, PSP, international vice president, ISACA, and vice president, RiskIQ. “Companies want guidance on how to strike the right balance between profiting from data and protecting data.”
As a Data Privacy Day Champion, ISACA recognizes that organizations have a responsibility to secure their part of cyber space and the networks they use. ISACA’s Privacy Advisory Task Force will focus on defining and prioritizing the knowledge needs and services valued by those who manage or support privacy initiatives. ISACA members include chief privacy officers (CPOs) and chief information security officers (CISOs) from a range of Fortune500 companies. Task force participants represent all regions worldwide and will be announced in February 2013.
“NCSA is pleased ISACA is supporting Data Privacy Day and providing a larger year-round strategy and offerings to help businesses and government organizations manage data privacy issues from an IT risk perspective. Respecting privacy and safeguarding data are responsibilities we all share,” said Michael Kaiser, executive director, National Cyber Security Alliance.
ISACA’s privacy guidance includes:
- Joint training with Deloitte & Touche—“Introduction to Privacy and Data Protection
- Personally Identifiable Information (PII) Audit/Assurance Program
- Dedicated privacy community within the ISACA Knowledge Center
- Educational sessions at the North America CACS Conference (15-17 April, Dallas, Tex.): “Privacy Risk Assessment in Cloud Computing” (KPMG) and “Barbarians at the Gate: Taming Global Privacy Requirements” (workshop by Deloitte & Touche)
