Protecting privacy and advancing digital trust go hand-in-hand. That was among the main themes of a recent ISACA Live episode with Betsie Estes, ISACA’s Director of Content Development, and Safia Kazi, ISACA’s Principal of Privacy Professional Practices.
There are two pillars of digital trust that are crucial to privacy, according to Kazi: confidence and integrity. Organizations’ transparency about why they are collecting data and what they are going to do with it is key in both establishing integrity and gaining users’ confidence.
“If you are trying to gain digital trust, you also have to be sure that you’re protecting people’s privacy. The two really do go hand-in-hand,” Kazi said.
When Estes asked how privacy professionals, including ISACA members, are already supporting and advancing digital trust, Kazi said they are working with data subjects to ensure that their data is kept safe and private, and ensuring their organizations are not collecting too much data, thereby increasing digital trust and decreasing their threat surface, as well as utilizing privacy by design.
Estes asked about how privacy professionals can drive digital trust initiatives within an organization. Kazi responded with findings from ISACA’s Privacy in Practice survey, which report that two of the biggest setbacks are understaffed privacy professionals and lack of proper funding. Kazi advised that working with different departments would allow practitioners to better understand their roles in upholding privacy while also maximizing time and energy. Perhaps her most important statement, though, was that organizations need to understand the data that they have and the data ecosystem they are a part of.
“If you don’t know what you have, there’s no way you can protect it,” Kazi said.
Digital trust is not only from user to organization and vice versa, but it is also between organizations. If there is one untrustworthy party involved, it could inflict major damage on the organization’s entire operations. That is why ISACA is approaching digital trust with data ecosystems in mind and creating the Digital Trust Ecosystem Framework. This framework, to be released later this year, will be useful for privacy professionals to bridge these gaps within their organization, save time and work efficiently.
Kazi said, “I think the Digital Trust Ecosystem Framework is a really great way to see, ‘Alright, here’s what we need to do and here’s how we can do it.’”
View the full ISACA Live episode here. For additional privacy resources from ISACA, please see Privacy by Design and Default: A Primer and relevant white papers, and be on the lookout for a white paper on 5G privacy coming soon.