As a former chief privacy officer (CPO) of a publicly traded commercial real estate services firm, Maria D’Avanzo worked in close partnership with her company’s chief information security officer (CISO). They had regular meetings, shared information and issued joint messages and guidance on topics that had both privacy and security implications. Here, D’Avanzo explores the important lessons this collaboration taught her — including the fact that too few organizations prioritize collaboration between CPOs and CISOs.
If we’re to be more proactive in identifying and preventing privacy and security risks, CPOs and CISOs must work together now more than ever. Security teams can’t protect personally identifiable information (PII) like names, Social Security numbers, home address, phone numbers and personal email addresses if they don’t understand what and where the information is; and privacy teams can’t exist in a company without the security controls in place to protect PII.
Private information won’t remain private if it isn’t protected properly. Once the privacy team understands and tracks how the company intends to collect, store, use, process and dispose of PII, the security team can then develop and implement appropriate safeguards to protect that PII.
