If there was any lingering doubt that robust cyber and data privacy goes far beyond a box-ticking exercise, you need only look at the £37 billion wiped off Facebook’s value last week in light of the Cambridge Analytica scandal.
With the EU’s General Data Protection Act (GDPR) fast-approaching, Facebook’s complicity in the Cambridge Analytica harvesting of 50 million profiles for political targeting acts as a timely reminder about the importance of ethical data management. Clinging onto headlines worldwide, the story has provided the Information Commissioner’s Office (ICO) a golden opportunity in the way of warning against data privacy misconduct. Any companies previously hoping to drop under the radar are now facing the stark realisation that data protection goes deeper than face-level compliance. It’s about honesty, integrity and trust – and recognising the ramifications of betraying these for commercial benefit.
The ICO has been clear in setting out potential penalties (i.e. a maximum fine of €20m or 4% of global turnover, whichever is higher), but companies should be wary of the deeper implications non-compliance can have on their brand equity. One week post-whistleblowing, the steady backlash against Facebook is almost palpable. Its name is appearing variously in Federal Trade Commission investigations, polls showing declining popularity, a mass #DeleteFacebook campaign, and full-page apology ads taken out in several national newspapers. There have even been requests from the U.S. Senate and UK Parliament to testify about Cambridge Analytica’s connections to President Trump’s election campaign, and therefore wider links with Russia. Where the trail ends is uncertain – but the next few months are sure to be critical for Facebook as it battles to remedy a plummeting market position.
From a recruitment perspective, it comes as no surprise that we have seen a significant boost in appetite for cyber security and data privacy professionals. The cost of being unprepared is simply too high to ignore. In particular, demand is rising for skills in data protection and privacy, data loss prevention, cyber risk management, third-party assurance and information risk. Expert candidates in these remits are typically courting several organisations’ attention, and their time has truly arrived as they have their pick at a premium. It is also worth noting that while these areas are in obvious need today – as GDPR preparedness, planning and implementation takes shape – regulations will continue to develop, driving both project and permanent talent strategies. In fact, post-deadline, healthy ongoing practice in privacy, monitoring and assurance will far outstrip the noise and bright lights of 25 May 2018.
For further information on cyber security and data privacy recruitment, please contact firstname.lastname@example.org.