Reducing Role Ambiguity for Organisational Data Privacy Compliance
摘要
Addressing privacy challenges within organisations requires structured approaches. The use of best practices such as ISO and NIST frameworks provides the organisational and technical measures required to attain compliance. However, the associated human aspects of stewardship, behaviours, cultural and psychological ownership are limited. Another human-centred aspect of role confusion characterised by unclear expectations and responsibilities can significantly impact both the individual and organisational behaviour. This paper focuses on the accountability required to attain data privacy compliance. Accountability is needed for ensuring clear ownership of privacy tasks, which strengthens cross-functional collaboration, facilitates risk mitigation, and supports regulatory compliance. A process-driven compliance pattern language is proposed that facilitates the development of a RACI Matrix enabling role clarification of the organisational and technical measures required to attain compliance.