Privacy and Security
imfrom51
Member Posts: 97 ■■■□□□□□□□
I work in the Information Security Dept. at a hospital, and, at this time we report to a director, who reports to the VP of Privacy, who reports to the Chief Compliance Officer. Does this make sense? Reporting to Privacy seems the wrong route to take. I think that this step needs to be taken out, so we can report directly to the top CCO and avoid any conflict of interest with any other dept.
What is the work flow at your job? What are your recommendations, and why?
Thanks
What is the work flow at your job? What are your recommendations, and why?
Thanks
Comments
-
tpatt100 Member Posts: 2,991 ■■■■■■■■■□I would probably ask what is the actual role and responsibility of the Privacy position?
At my last job we reported to the IAO and IAM personnel for each department/division. We report to them stuff we find but it's not like we have to do whatever they ask of us. But they do sometimes direct requests to our Project Manager. -
laidbackfreak Member Posts: 991I would probably ask what is the actual role and responsibility of the Privacy position?
+1 for that
while best practice is to be a seperate entity, lifes not always that simple, so compromises are made and the risks accepted
oh fwiw my lot report in to the estate's dept !! talk about a 10 year step backwards!if I say something that can be taken one of two ways and one of them offends, I usually mean the other one :-) -
GAngel Member Posts: 708 ■■■■□□□□□□Alot of the roles are just under different names in disguise. There is no standard that says you have to have a CISO/CPO etal so companies may give the role a different name. The job functionality is usually the same or very closely related.
-
imfrom51 Member Posts: 97 ■■■□□□□□□□Thanks for the info everyone. I guess that we are going to be having a meeting in the next couple of weeks to figure out what is going to happen. We are going to be having some changes in management, so I think that now is a good time to suggest any changes we would like to make. The toughest thing at the moment is the the VP of Privacy, who we report to, has no real Security experience. Infact, and I quote, the vp said that we are "too technical" and that we need to "dumb everything down to an 8th grade level" so they can understand. The way I see it, is that, I would like someone in my corner, who can defend the team, back us up, and understand how important security is. The VP is excellent when it comes to the Privacy issue(s). There are no problems there. It's just that security gets put to one side as the buck seems to stop with the VP and no further.
Just my rant. Thanks for reading.