Security vs. Privacy vs. Risk: Who Leads the Charge?
When it comes to Security, Privacy and Risk, there are many questions. Are these separate roles or one function? Are they C-suite roles? What is the right reporting structure? How can the functions work together to be effective?
While there are no easy answers, there are ways to approach the challenge of advancing security, privacy and risk within the organization:
- Keep in mind what you are trying to accomplish when establishing reporting structures. There is no one consistent reporting structure; the right one depends on where in the organization each function will be most effective.
- Focus on building mutually effective relationships between those responsible for security, privacy and risk.
- Security and privacy may be separate functions, but they are joined at the hip when it comes to execution. The role of Privacy is to establish policies and handle exception requests and judgments. Security acts to enforce the policies.
- Global organizations face additional challenges when it comes to privacy because of international privacy laws and legislation. Consider establishing separate groups or teams within your organization to manage the requirements of each country as a specialty.
- Perform internal security assessments to determine if any one function is lagging behind.