Information professionals are our one true hope to surviving in the digital age. Those such as privacy officers, information officers or data protection advisers are at the front lines in protecting society.
The recent cyber attack on the Waikato District Health Board has, among other such recent incidents, highlighted the importance of such staff in preventing future losses and attacks: the loss of personal information led in this instance to denial of access to life-saving treatment, which in turn it is not hard to see the negative repercussions such an attack could leave.
Personal information may be the new oil in a sense, and the increasing attacks targeting it signal its increase in value. There is a human aspect that is often neglected here: vulnerabilities are more likely through human error than technical.
In turn this necessitates investment in human resources and the associated costs. However, failure to do so may result in even greater costs with reputational damage, public backlash, and regulatory scrutiny including fines.
Info Sec professionals will assume ever-increasing prominence in the 21st Century. The chief privacy officer will be as important as the chief financial officer. Even existing roles such as client relationship advisers, recruitment consultants, data analysts and people and culture managers require solid understanding of ethical and legal frameworks surrounding the use of personal information.
Digital literacy is about more than technical skills such as, for instance, how to generate and use data analytics. It encompasses also being able to evaluate the legal and ethical limits to such techniques. Ethics alone is insufficient as understanding the legal frameworks surrounding data use and how these intersect with ethical as well as other standards governing data are required.
Privacy and information professionals require specialized skills. Understanding legal and regulatory frameworks is a starting point. But, where managing data is concerned, understanding the legal requirements is not enough: one must be versed in techniques of implementation at the organizational level.
In turn this means engaging with the internal management dynamics of the organization and being able to design accountability criteria and mechanisms. Soft skills are also desirable, and these include advocacy with stakeholders and knowing how to resolve conflicts before they escalate.
In a digital age, privacy and information-handling skills are as important as financial literacy or software creation. Organizations that make the necessary investment in staff education inevitably reap the regards, while those that fail to do so learn the hard way. Don't fall victim to a cyber attack due to simple cyber ignorance, just don't.