
Should Cybersecurity Professionals Care about Data Privacy?

Most people agree that keeping the private information of their customers, users, and clients private is a high priority. Data breaches and leaks degrade trust, hurt reputations, and can result in legal proceedings. These issues, for better or worse, typically fall on the shoulders of legal teams and, perhaps, a chief privacy officer or privacy team. Often, cybersecurity teams are left out of privacy conversations entirely. This is a mistake.

Cybersecurity is as fundamental to data privacy as data privacy is to cybersecurity; if a network is not secure, the data of its users will not remain private for long. Cyberattacks can impact the confidentiality, integrity, and availability of data, but only if the attackers can access it. Privacy professionals need the cybersecurity team.

However, the relationship is not one-sided. Privacy teams and privacy regulators are doing all they can to ensure that stored user data is kept to a minimum and is stored in a way that reduces the likelihood of it getting out should a data leak occur. The practices of the privacy-minded have a secondary consequence of dissuading attackers from attacking in the first place: if an attacker's goal is to steal and/or leak user data, the absence of a huge payout at the end of an operation will deter them from targeting your network.

If these teams learn to work together rather than in separate silos, they can create a data environment that reduces the available attack surface and allows for better resource allocation towards other, less preventable cyberattacks. There is not and never will be a silver bullet for a secure network, but continuously minimizing the chance of a payout will put your organization and the data of your users in a better position.

For this reason, cybersecurity teams should be paying attention to the changing landscape of data privacy in the United States and around the world. As of January 2023, California, Colorado, Utah, Virginia, and Connecticut have active data privacy laws, while Oregon, Oklahoma, Mississippi, Tennessee, Iowa, Kentucky, Indiana, New Jersey, New York, and Massachusetts have introduced and are considering data privacy legislation. The American Data Privacy Protection Act (ADPPA), which would institute a national data privacy law, was introduced to Congress last June and has recently been moved to committee, signaling continued interest in this kind of regulation. Globally, over 80 countries, including the European Union, United Kingdom, Brazil, Australia, Hong Kong, India, Japan, and South Korea, have federal data privacy regulations.

Consortium Networks was founded on the principles of helping people solve their cybersecurity problems and facilitating necessary communication between technology and cyber professionals and the board. We believe that communication is just as important between privacy and cybersecurity teams, because data privacy regulation is not going away and these teams can work together to build more secure networks for the benefit of their customers. This Data Privacy Day, we encourage you to learn more about what your organization is doing to ensure data privacy and see how you can work together for the benefit of all.