Privacy officers around the world should prepare to focus on security and privacy monitoring, enforcement, and funding through the end of 2012, analysts plan to tell attendees at Gartner’s Security & Risk Management Summit 2011 coming up next month.
What’s more — as always — they should also plan on doing more with less.
“Throughout 2011 and 2012, privacy programs will remain chronically underfunded, requiring privacy officers to build and maintain strong relationships with corporate counsel, lines of business, HR, IT security, IT operations and application development teams,” Carsten Casper, research director at Gartner, said in a pre-summit overview this week.
Established relationships with regulatory authorities and members of the privacy advocacy community are also likely to prove advantageous in an ear with limited funding and resources, Casper added.
In the meantime, several key areas are likely to be leading concerns for privacy executives over the next year and a half, particularly when it comes to data breaches.
“Organizations should compartmentalize personal information, restrict access, encrypt data when transmitting it across public networks, encrypt data on portable devices, and encrypt data in storage to protect it from users who have been given too much privilege, from rogue administrators and from hackers,” the overview emphasized.
Additionally, new technologies and sources of information, such as location-based services like GPS and other collection techniques are rapidly evolving, leading to the axiom to “only collect information for the purpose for which you need it.”
Further, some technologies are seemingly at odds with each other.
For example, cloud computing is often inherently in conflict with privacy protection, and what’s legal in one country may be illegal in another country.
“Privacy officers — and enterprise decision makers — should support IT’s cloud and offshore initiatives where possible while achieving maximum privacy protection for the individual customer or employee,” the overview said.
Likewise, the importance of privacy is not determinable without the context of the information — all the while changes in the regulatory and legal milieu are ongoing.
Gartner’s Security & Risk Management Summit 2011 is scheduled to run September 19 and 20 in London.