When an incident occurs involving personal data or sensitive information, many organizations bring together their chief information security officer (CISO) and chief privacy officer (CPO) to help formulate a response and identify a root cause. All too often, though, that’s the only time when these two leaders and their information security and privacy teams collaborate to address a challenge.
One reason for this lack of collaboration is that these teams often take the narrow view that information security is a technology challenge while privacy is more of a legal or governance challenge. In those instances, CISOs and CPOs might be missing out on convergence opportunities that would allow them to proactively identify and mitigate potential risks the organization is facing.
While CISOs and CPOs use different metrics and data points to measure the performance of their respective teams, your organization might want to consider establishing common controls that foster collaboration between the two, so that the organization can manage risk more consistently and proactively.