Does it make sense to make a career move from law to data privacy?

Introduction

What exactly is data privacy? According to the Free Dictionary, the word “privacy” is defined as “The state of being free from public attention or unsanctioned intrusion.” In other words, data privacy in a nutshell is keeping our information free from “unsanctioned intrusion” or, simply stated, unauthorized access.

How do we define what an “unsanctioned intrusion” truly is? For this we need a standard or government law that applies a specific definition. In view of this, data privacy and the law are intrinsically related. In order to have one, you must have the other.

An attorney has the great advantage of not only having a deep understanding of the law but also being able to speak to its application in different circumstances. This is highly valuable, since there is no shortage of unprecedented ways of accessing information in today’s day and age. Add various other factors to the mix (the internet, foreign countries, governmental legislation (local and abroad), cultures, social media and so on) and they all point to the need to examine different scenarios from a legal standpoint.

The following examples of governmental legislation demonstrate the need for legal comprehension:

  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Homeland Security Act
  • Federal Information Security Management Act (FISMA)
  • Consumer Data Security Notification Act
  • Gramm-Leach-Bliley Act
  • Sarbanes-Oxley Act

Some legislation even mandates certain items, such as company policies that define the expected behavior of employees and business practices. An information security professional may draft the initial version of these policies, but once created, the policies need to be vetted by the company’s general counsel’s office. This is another example in which a legal background is helpful.

In the case of GDPR, this legislation mandates the appointment of a data privacy

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Jesse Valentin. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ugDZCHEcDrM/