Are rapid technological and industry changes responsible for the skill gap in the industry?
Add a layer of privacy to data and you get data privacy.
Simple, isn’t it?
How I wish this math could add up in such a simple manner! As a data security and digital trust practitioner, I come across one of the biggest challenges that the industry faces, and that doesn’t even have to do with bad faith actors. It is the big question about the skills gap in the industry. I believe that this isn’t actually a skills gap problem, but rather a problem of lack of executive support to consider data privacy as a key pillar in building digital trust. If you look at the recent ISACA report – Privacy in Practice 2023 – you’ll be astonished to find that the average number of data privacy professionals in an organization is just 26! And this includes legal and compliance practitioners, technical IT staff, risk professionals or security professionals. The 26 members aren’t all technical privacy professionals.
Now contrast that with the number of professionals in any other practice in an organization and you’ll see how stark the difference is.
Technological and industry changes have been evolving at a higher pace over the last two decades with the pace having picked up even more in the last decade. This applies to all technologies, nascent and established. Today, you can find a cloud computing expert with relative ease, as compared with even five years back. Many professionals who had been working on legacy technologies have transitioned to roles and skills in cloud computing. It took time, that’s a given, but it also had executive support across industries. As more industries realized the importance of developing services and products based on cloud computing, the proliferation of professionals took place all over the world.
So, how is data privacy different from this example?
One key difference is that cloud computing has reached a threshold where it can be commoditized. Businesses are no longer dependent on large enterprises to move to the cloud; smaller but niche firms are getting that done at scale. The second is that organizations have internalized the process of skilling employees on these technologies at scale and are perfecting it with every new set of professionals. These programs are flexible to accommodate advances in technology as they come.
There’s a tremendous role that data privacy practitioners can play in raising awareness about the deep impact that a robust data privacy program can have. Privacy by design, as Industry calls it, requires the integration of data privacy and digital trust principles and policies across the organization, at every level. The legal and monetary impact of a data privacy breach is high but what’s even more problematic is the damage that such an event can do to the organization’s brand reputation. Firms with executive support for data privacy programs from the highest echelons of the organization, the Board, will thrive.
Data privacy skilling programs within the organization, bringing not just cybersecurity professionals to the program but those from other technologies, is an immediate step the organizations can take to build their data privacy capabilities. It is possible to achieve with proper support and a concerted effort in skilling professionals. Partnering with niche data privacy vendors and professionals outside the organization is also an option as there’s merit in learning from those who possess such skills. These could include skilling partners, executors, strategists or even contractors. This is what the pre-proliferation days of cloud computing also looked like.
A skill gap can be filled with the right executive direction and support, coupled with structured skilling programs. Technologies, by virtue of their existence, will continue to evolve and more challenging problems continue to rear their heads. The fun part is to build an excellent data privacy organization, the tough part is to build awareness for data privacy. It isn’t a long road, but it’s a narrow one right now. With more professionals, this could turn into the superhighway enterprises need it to be.
(The author is Ms. Deepa Seshadri, Partner, risk advisory, Deloitte India; member of the ISACA Emerging Trends Working Group and the views expressed in this article are her own)
