This page provides the latest updates and documents related to the collaborative development of a privacy risk management workforce taxonomy.
A skilled and knowledgeable workforce is a key pillar of an effective privacy program. Unfortunately, stakeholders have signaled that demand for a robust and effective privacy workforce is outpacing supply, as recognized in the Privacy Framework companion roadmap. We believe that the first step towards the development of a workforce capable of managing privacy risk is the creation of a privacy workforce taxonomy, aligned with the Privacy Framework, to provide a common language around roles, tasks, knowledge, and skills. Such a taxonomy can help organizations better achieve their desired privacy outcomes, support recruitment with more consistent position descriptions, and inform the education and training of professionals to produce a more skilled and knowledgeable workforce. We’re coordinating with our National Initiative for Cybersecurity Education (NICE) Program to align our efforts and provide a more modular approach to addressing workforce needs for privacy and cybersecurity.
In keeping with NICE’s recently released draft for a new, streamlined structure of the Workforce Framework for Cybersecurity, the output for this effort is intended to be listings of tasks, knowledge, and skills and examples of organizing them into work roles and competencies that organizations can use in a modular fashion to address their workforce needs for privacy and cybersecurity.
We welcome stakeholder input on this effort from a wide range of roles—even those who may not consider themselves to be privacy professionals (e.g., IT, cybersecurity, legal, product development, human resources, and marketing), but can still have a role in managing privacy risk. In particular, we are interested in feedback about: