Addressing privacy challenges within organisations requires structured approaches. The use of best practices such as ISO and NIST frameworks provides the organisational and technical measures required to attain compliance. However, the associated human aspects of stewardship, behaviours, cultural and psychological ownership are limited. Another human-centred aspect of role confusion characterised by unclear expectations and responsibilities can significantly impact both the individual and organisational behaviour. This paper focuses on the accountability required to attain data privacy compliance. Accountability is needed for ensuring clear ownership of privacy tasks, which strengthens cross-functional collaboration, facilitates risk mitigation, and supports regulatory compliance. A process-driven compliance pattern language is proposed that facilitates the development of a RACI Matrix enabling role clarification of the organisational and technical measures required to attain compliance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Reducing Role Ambiguity for Organisational Data Privacy Compliance

  • Mmaphefo Octavia Kumalo,
  • Reinhardt A. Botha

摘要

Addressing privacy challenges within organisations requires structured approaches. The use of best practices such as ISO and NIST frameworks provides the organisational and technical measures required to attain compliance. However, the associated human aspects of stewardship, behaviours, cultural and psychological ownership are limited. Another human-centred aspect of role confusion characterised by unclear expectations and responsibilities can significantly impact both the individual and organisational behaviour. This paper focuses on the accountability required to attain data privacy compliance. Accountability is needed for ensuring clear ownership of privacy tasks, which strengthens cross-functional collaboration, facilitates risk mitigation, and supports regulatory compliance. A process-driven compliance pattern language is proposed that facilitates the development of a RACI Matrix enabling role clarification of the organisational and technical measures required to attain compliance.