The International Association of Privacy Professionals (IAPP) today announced a new certification: the Certified Information Privacy Technologist (CIPT). The certification is designed to address “the growing need for individuals in the IT, security and engineering professions to be knowledgeable about data privacy as it relates to the key role they play in product development and risk management.” The release on the availability of the new cert further states that “the CIPT program will provide training to IT professionals on the foundational elements for embedding privacy into a company’s IT program including establishing privacy practices around data collection and transfer, understanding consumer privacy expectations and responsibility, as well as developing privacy notifications.” Jeff Northrop, IAPP’s CTO, spoke with IT Business Edge’s Kachina Shaw about the need for this certification.
Shaw: Attention to protecting data privacy is growing to a fever pitch in IT circles, it seems. What are IT professionals expected to know about privacy protection now?
Northrop: We are in a new privacy landscape: Increasingly, consumers are demanding privacy protection, and awareness is growing related to the Snowden situation last year, the departure of the Target CIO, and other businesses suffering breaches. Most recently, we see the news that Ebay has suffered a breach. Data protection authorities around the world are reacting to these relatively new consumer demands.
At the same time, other organizations are finding new uses for, and demand for, data they collect. Data is now a valuable core asset. So on one side, consumers are uncomfortable with uses of their personal information. On the other side, businesses have a need for new uses of this information.
Organizations require a role to help extract maximum value from data while minimizing the risk of upsetting consumers, which can lead to everything from brand damage to regulatory issues. IT pros are well-suited to fill this role. They know the where, when, who of data, and for what purposes it is being used. Those are precisely the things that must be understood. It’s a golden opportunity for IT, whose role is growing in importance to the well-being of the organization.
This is also an opportunity for professional development. We often struggle as professionals to move from senior roles to the executive roles, such as CIO, CISO, CTO or CSO. Those roles are increasingly filled by MBAs who might not have the same level of technical skills but have demonstrated experience solving strategic issues. IT pros tend to be tactically oriented and we lack chances to show our strategic abilities. Security offers the opportunity to show that skill set.
The CIPT is the world’s first certification for IT to demonstrate knowledge in privacy issues. It demonstrates that the certificant has competency to protect privacy and is a good fit. Our job at the IAPP is to promote the use of best practices and the careers of those in charge of protecting data, and this is the way to accomplish that.
Shaw: You said the need for increased privacy protections is related to a greater role for IT in maintaining the organization’s well-being. Is this an area where greater centralization is required, as opposed to other areas, where IT’s control is lessening?
Northrop: Privacy risk is relatively new, and grows as new uses for data grow. Organizations are scared, and they’re not quite sure how to proceed. At this point, policies, etc. may still be dispersed, but the person managing the mitigation strategies needs to be at a high level for a cohesive strategy. In that model, as data propagates, risks don’t spread.
Shaw: Who will the certification be appropriate for?
Northrop: Anybody in charge of managing sensitive data should have this certification. In the event of a breach, and it’s not “if” but “when,” as regulators are knocking on the door, the person who manages the data will have to answer questions. With the knowledge behind this certification, that person will have better answers, and a better understanding of the issues.
The core of where this certification is needed is among those people who manage data, which is largely a security function, and others who wouldn’t self-identify as security pros, but have similar responsibilities and will also want the certification.
It’s very important to understand the context around privacy now. Privacy risks are relatively new and poorly understood by my colleagues. I come from a software development and network security background. I understand how new this is for them.
For more information on the CIPT certification and other IAPP credentials, please visit https://www.privacyassociation.org/certification/.