Hi, I am Brendon Lynch, Director of Privacy Strategy in Microsoft’s Trustworthy Computing group. Among other things, my team’s work includes engagement with external privacy stakeholders and advising Microsoft product groups on data governance strategies.
I wanted to highlight some interesting research we recently conducted which explores how different roles within organizations are collaborating to protect personal information.
As you are probably aware, there is a lot of concern about personal information today. Research, including the latest edition of Microsoft’s Security Intelligence Report, shows that criminals are increasingly targeting personal information for financial gain. Other research shows that consumers are expressing concerns about shopping and banking online. We are also observing a seemingly endless string of reports of data breaches.
In response to these concerns, many organizations in both the public and private sectors are investing in people, process and technology to better govern the data they collect and manage. Looking at the people dimension of data governance, three important roles within organizations that standout are information security professionals, the data collectors and users (e.g., marketers) and privacy professionals (the newest role to emerge). We thought it would be interesting to explore how these roles are working with each other (or not!) to address data governance.
Our survey of over 3600 professionals across these three roles, and across three countries (USA, UK and Germany), was conducted by the Ponemon Institute and provided some very interesting results, including:
· Marketers consult security and privacy professionals a lot less often than security and privacy professionals think they do
· Organizations that had better collaboration between the roles reported that they had significantly less data breaches than organizations with poor collaboration
I encourage you to take a deeper look at the research results and view two related keynote presentations from Microsoft executives last month: Scott Charney, presenting to the International Association of Privacy Professionals (IAPP) annual Privacy Academy in San Francisco; and Ben Fathi presenting to the RSA Security Conference in London.
Trevor Hughes, executive director of IAPP and Peter Cullen, chief privacy strategist for Microsoft, also recorded a video discussing the data protection research and other challenges facing privacy professionals today.