Getting privacy and security teams on the same page is a critical component of a robust security posture.
Consider this scenario: An organization’s privacy team rolls out a new third-party risk management system, a project that required devoting significant hours and budget, building out a privacy questionnaire, developing the flow of the assessments, and configuring software. After the privacy team sends out assessments, it begins to receive responses from third-party recipients such as, “I already completed a security assessment. Why is this coming separately?” and “Our contract requires us to respond to only one assessment annually, and we have already completed a security assessment for your company.”
This situation – security and privacy teams acting independently – is all too common. Privacy and security teams might share similar strategies, but when they operate independently of one another, their similar systems and processes can overcomplicate the organization’s approach, and the teams can end up competing with one another for attention and resources. Too often, even with numerous shared goals – managing third-party risk, meeting data regulation requirements, responding to incidents and potential breaches, and ensuring that data is processed and stored securely and ethically – privacy and security teams remain siloed, and they rarely come together to collaborate. Organizations that want to strengthen their security postures should evaluate their privacy and security teams and work to increase collaboration between them.