CDPSE Credential Calls Attention to Need for Technical Privacy Professionals

Shannon Donahue
Author: Shannon Donahue, PH.D., CISM, CDPSE, CISSP
Date Published: 4 May 2020

ISACA recently opened its early-adoption opportunity for its new Certified Data Privacy Solutions Engineer (CDPSE) certification. CDPSE is the latest in ISACA’s well-respected line of credentials and offers a unique certification opportunity to professionals who participate in the design, implementation and management of technology solutions that store, process and transport personally identifiable information (PII). Employers whose staff hold this certification can help to signify that enterprise objectives regarding privacy are being met, while also demonstrating to regulators that the organization has strong governance to ensure compliance with applicable privacy laws and regulations.

As technology has evolved, businesses have exponentially increased the amount of data, and PII in particular, that they collect from customers. The data is used for many reasons, and often emerging technology solutions are applied to improve the use, quality and value of the data. We know the benefits that this brings to business. By leveraging big data and associated analytics, businesses can make more informed decisions, such as targeting the right groups of people for select services and ensuring that product solutions are offered to the right markets.

In many cases, PII has become the primary driver for enterprises, such as in the case of DNA analysis leveraged by companies and online fitness and health offerings. Due to the current COVID-19 pandemic, many enterprises have had to completely change how they interact with customers – medical appointments, for instance, have largely gone online. The wall of manilla folders as the source of patient health information doesn’t exist in many places anymore; instead, medical records are stored in an electronic health record.

As consumers, we are made well aware of the risk associated with companies losing data that is our private information, and we can make choices about who we want to share that data with, but all too often the trust in these companies is lost because adequate technical controls haven’t been employed.

As a result of personal privacy concerns, a myriad of regulations and laws have been created to address this issue in a partial attempt to increase our trust that the companies that collect, store and use our personal information are doing so in a secure fashion. Much attention has been brought to PII and the risk to the individual, as well as the potential impact to enterprises from the legal requirements that surround it, but what we have not had as much public discourse around is how enterprises are ensuring that those they employ are appropriately trained and skilled in handling the data.

Privacy by design is a concept that has gained traction in the last 10 years or so but is not always understood and addressed. The privacy by design concept is really about the enterprise ensuring that privacy is considered throughout the entire product engineering and development lifecycle. Enterprises need to be certain that people in key roles understand what PII is, what the value of PII is, how the data can be used, stored, shared and transported, and how to ensure that the data is appropriately controlled.

ISACA’s members over time have expressed the need to have a credential for those technologists who are part of the privacy by design process—from technical, data management and governance perspectives. While technical privacy professionals are increasingly common as staff in large enterprises, it is important, now more than ever, that they can be identified so that this important role is globally recognized, and enterprises can hire the appropriate staff with the requisite knowledge and skills – ensuring that they are involved in decisions regarding enterprise information assets.

While technology and security are critical factors in enterprises’ well-being today, the desire from consumers to receive services that are personalized and tailored to them, and offered up in an omnichannel format, has increased substantially. In order to do this, customers must trust that the enterprise collecting and using their personal information is taking reasonable measures to ensure that the data is controlled, protected and used in the manner for which it was intended. There are new threats to enterprise information, and we know that PII is highly valued by bad actors that can sell PII to other bad actors with malintent. It is critical that enterprises understand the benefits of customer trust and take appropriate measures to sustain that trust. Employing credentialed individuals who have demonstrated knowledge and experience in the handling of PII is an excellent way to do so.

ISACA has always been a place where professionals can go to obtain globally recognized credentials that demonstrate their knowledge, skills, abilities and experience. Today, we invite you to join us in this increasingly important and in-demand area. If you are a technologist who participates in the privacy by design process – or one who needs to understand the technology process and workflows – please download the application for CDPSE. Whether you are an existing ISACA member who already has credentials or a person new to ISACA, we welcome the opportunity to serve you and help you grow in your career in as a privacy technologist.