by Angela Guess
Eric B. Parizo of Search Security recently reported, “Many organizations lump information security and data privacy together, meaning infosec teams end up managing privacy issues by default. That’s not necessarily a bad thing, according to one data privacy expert, but privacy comes with many new problems and few easy answers. During a presentation on data privacy issues for information security professionals this week at the 2012 (ISC)2 Security Congress, Jeff Northrop, IT director with the Portsmouth, N.H.-based International Association of Privacy Professionals, told attendees they shouldn’t shun data privacy responsibilities.”
Parizo reports that Northrop stated, “As information security professionals, we should want to assume these [privacy] responsibilities; that’s good for our profession… And by good for our profession, what I really mean is, you can make more money, and money’s good.” Parizo added, “However, Northrop indicated infosec pros are often surprised to learn their organizations’ privacy practices are suspect at best. He said the general public defines privacy as anonymity, meaning data they provide to third parties won’t be made public or used to identify them.”
