[BreachExchange] Six Tips to Consider in Hiring Privacy and Data Security Experts

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 21 13:57:49 EDT 2017


http://www.natlawreview.com/article/six-tips-to-consider-hiring-privacy-and-data-security-experts

Facing increasingly pervasive privacy and data security issues, companies
must decide what qualifications to look for when hiring experts in these
areas, whose role within the company is becoming increasingly vital.
Moreover, unlike hiring for other positions, it is common that a CEO lacks
the knowledge and background to adequately assess whether such an
individual has the right expertise and, later on, how they are performing
in the position. While there is no “one size fits all” checklist, the
following are some factors to consider:

1. Certification: Various certifications are available to privacy and data
security experts. In evaluating whether a privacy or data security expert
candidate has the necessary and appropriate knowledge and skills for such a
position, companies should consider whether the candidate has received any
relevant certifications. For example, professionals in these areas may have
one or more certifications through the International Association of Privacy
Professionals and/or the Information Systems Security Certifications
Consortium, Inc. While not necessarily dispositive as to whether a
candidate is qualified for a position, a certification in the areas of
privacy and/or data security may evidence a candidate’s interest in,
experience with, and maintenance of current knowledge about issues in these
areas.

2. Technical Knowledge and Practical Experience: A candidate with strong
technical knowledge may be better positioned to identify potential threats
to privacy and data security and to determine how best to prevent and
address any such threats. Perhaps even more compelling than a candidate’s
technical knowledge is his or her demonstrated practical experience in the
application of such knowledge.

3. Legal and Regulatory Knowledge: Another factor to consider is a
candidate’s familiarity with and understanding of laws and regulations
applicable to privacy and data security issues. A candidate who is
well-versed in these areas may be more qualified to ensure compliance with
pertinent laws and regulations in both domestic and international contexts.

4. Policy: In addition to understanding applicable laws and regulations,
privacy and data security experts should be able to understand, interpret,
and prepare policies to best ensure compliance with such laws and
regulations. Among other things, a strong candidate should possess
knowledge about whether the company is legally permitted to use employees’
or customers’ personal information; whether specific information is subject
to more stringent rules based on the type of data involved; and
whether personal information, if used, might lead to public relations
issues or other business-related concerns.

5. Networking: Expert candidates who engage in networking and attend
conferences or similar events could be more up-to-date on relevant issues
and laws in the areas of privacy and data security. Candidates who have
presented at conferences or written articles about relevant issues may have
a heightened commitment to their field, knowledge of pertinent subject
matter, and understanding of the nuances of issues that can or may arise,
as well as how to address any such issues if they do in fact occur.

6. Independence and Analytical Skills: An expert who does not demonstrate
independence and analytical skills may not be a good fit for an
organization. Companies should look to an expert candidate’s ability to
work independently and thoroughly analyze issues pertaining to overall
privacy and data security and to particular incidents.

While these examples are not an exhaustive list of factors organizations
should consider, they provide some important considerations for companies
when interviewing and hiring privacy and data security experts.