Antoni Bosch-Pujol (Europe) - Concern for Data Protection and Privacy Motivates CDPP Program Credit: Plaza - by flikr.com
Security

Antoni Bosch-Pujol (Europe) - Concern for Data Protection and Privacy Motivates CDPP Program

Data Protection and Privacy are a strategic element in a globalized world. In fact, security-privacy can become a very controversial subject.

Almost on a daily basis, the mass media broadcast pieces of news related to leaks, data losses or massive publication of sensitive - or even critical- personal information on behalf of companies and institutions in different countries.

Recent reports published by the Spanish National Institute of Communication Technologies (INTECO) show worrying data, such as that only 14% of SMEs in Spain know the Spanish Data Protection Regulation lead to the Data Protection Act (in force since April 2008). Of the total number of small & medium size businesses with automated files, just 37% say they have declared themselves on the Spanish DataProtection Authority (AEPD) registry. It has been found that only 16% have actually declared, which makes the figures even worse.

In contrast with this lack of awareness, experts agree on the idea that both at national and international levels, we are heading towards an environment where reputation related to personal data protection will have an increasing importance. Nonetheless, organizations still do not pay the necessary attention to this issue, and the Data Protection Officer (DPO) is not recognized enough in Spain, despite the fact that reports from Article 29 Working Party and the European Commission have been supporting the need to create it for years.

The ENISA Working Group on Privacy & Technology report identifies major gaps and challenges in privacy and data protection induced by technology, and makes specific recommendations targeted at various stakeholders (e.g. EC, industry, academia, Data Protection Authorities, ENISA, consumer organizations etc.).

The growing importance of the person responsible for privacy, the importance of data protection, its close link to the information security governance, and the necessity of a reference certification in this field are the main reasons for launching the Certified Data Privacy Professional (CDPP) program.

The objectives of the program are:

 

  • To develop and mno,aintain a testing instrument that could be used to evaluate individual competency when conducting Privacy Implementations and Audits
  • To provide a mechanism for motivating Data Privacy Professionals, and to maintain their competencies, while monitoring the success of the maintenance programs
  • To aid top management in developing a sound Privacy Governance by providing criteria for personnel selection and development

 

The certification is an initiative of the Data Privacy Institute (DPI-ISMS), created by ISMS Forum Spain last July. The expert committee has been working on the certification program classifying the tasks in seven areas or domains and rated the relative importance of each of the seven domains to privacy and security.

1. Privacy Fundamentals (5%)

2. Legal Framework (Laws and Practices) (22%)

3. Specific Scope (Public and Private) (18%)

4. International Scope (10%)

5. Protection of Information Assets (15%)

6. Incident Management and Response (10%)

7. Information Systems Audit and Control (20%)

For those of you interested in becoming a CDPP, the next examination is to be held in June of 2011. In addition, the certification is likely to be granted to those professionals who can prove they have relevant professional experience, according to the criteria established by the experts committee, and following a grandfathering scheme, similar to those used in other renowned international certifications.

Antoni Bosch-Pujol is CEO at Institute of Audit & IT-Governance (IAITG), Director of Data Privacy Institute (DPI-ISMS) and Founder/President ISACA-Barcelona Chapter.

PREVIOUS ARTICLE

«Ali Ahmar (Middle East) - "Ethernet Fabric" - A Network Architecture for the Virtualized Data Centers

NEXT ARTICLE

Kui Kinyanjui (Africa) - Charting the Explosion of Africa's Mobile Phone Sector»

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should we donate our health data the same way we donate organs?