Cybersecurity pros haphazard participation in data privacy raises concern.

Before the General Data Protection Regulation became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.GDPR changed everything. Data privacy was no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team.  CISOs were asked to utilize their operational expertise to help operationalize data privacy programs. Not surprisingly, CISOs dragged the cybersecurity team along for the data privacy ride.  According to a recent research report from ESG and ISSA, 40% of cybersecurity professionals surveyed say the cybersecurity team has taken a significantly more active role around data privacy over the past 12 months, while another 44% claim that the cybersecurity team is somewhat more active around data privacy during this timeframe.Now, it’s important to remember that cybersecurity pros are not exactly waiting around for things to do. In fact, the research indicates that 74% of organizations have been impacted by the global cybersecurity skills shortage, resulting in an increasing workload for the infosec team. Add data privacy responsibilities to the list.