• Skip to main content
  • Skip to footer
  • About
    • Board of Directors
    • Advisory Board
    • Code of Ethics
    • Privacy Commitment
    • Fellowship Awards
    • Media
  • Get Involved
    • Membership
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
      • Member Contact Update
    • Speak Out
    • Volunteer
    • Donate
      • Donor Bill of Rights
  • Certification
    • Apply for Certification
    • Recertification
    • Why Pursue Certification?
    • Certificate or Certification?
    • Accreditation
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • SPARC Contribution Guidelines
    • International Data Flows
    • Commissioners
    • Careers
    • Publications
    • Training & Education
  • Data Privacy Day
  • News & Views
    • Guest Post Guidelines
  • Contact
    • Speaking Invitations & Media Requests
    • Stay Informed & Avoid Spam
    • Partner
  • Login

The Privacy and Access Council of Canada

The voice for privacy and access

Correlating Cyber Security and Privacy

19/Feb/2019

The Learning and Innovation Hub at the Canadian Centre for Cyber Security recently issued a draft Cyber Security Curriculum Guide for Post Secondary Training and Education Providers “for public dissemination and open use.” The Guide provides a role-based perspective on post-secondary cyber security curricula in two domains: security and business.

Setting aside the fact that the “public” is tightly restricted to subscribers of an internal Government of Canada website, it is important to note that the Guide is intended to “provide a catalogue of curriculum elements that establish a national benchmark against which post-secondary institutions, including private sector providers, can assess their programs, courses, and micro learning programs.”

As part of the development process, the Centre conducted an environmental scan that addressed cyber security specific programs, largely technical in nature, and business-related programs, largely non-technical in nature. Researchers also collected anecdotal information from subject matter experts, business councils, professional associations, community groups and others that have reinforced the results.

Among the most important findings from the scan and subsequent analysis, researchers determined that “Programs that focused on generating graduates for the workforce, predominated. Relevant, yet underrepresented topics were: the Canadian legal and policy context including personal information protection and privacy; ethical considerations including workplace and investigatory practices in organizational contexts; integrated risk management; business communications; and emerging issues.”

Despite the glaring underrepresentation of topics related to “the Canadian legal and policy context including personal information protection and privacy,” however, the draft Curriculum Guide does not include privacy among any of the role-specific basic, intermediate, or advanced key education or training topics listed in the Guide.

The Guide notes that strategic planners and policy analysts might be required to be able to identify “other related federal, national or provincial imperatives and compliance requirements (e.g. Privacy, etc.).”

Similarly, financial analysts must be able to forecast cyber security incident/privacy breech costs. How they might do that without a good understanding of the harms and unintended consequences can arise from privacy breaches is anyone’s guess.

Training topics for advanced-level communications specialists include “Managing crisis communications arising from a cyber security incident or privacy breech” — but that does not require any particular knowledge about how breaches are caused or skill in preventing breaches; it only requires skill in communicating about breaches. 

The draft curriculum for entry-level Cyber Defence Operators is equally sanguine, noting a training requirement for “Legal and ethical responsibilities associated with cyber security operations including conduct of investigations, privacy, and preservation of evidence.” Once again, though, there is no mention of knowledge or training about privacy law or generally accepted privacy practices.

The draft Cyber Security Curriculum Guide for Post Secondary Training and Education Provide is a valuable opportunity to ensure that privacy and access to information are included and well addressed in cyber security curricula. In its current iteration, the Guide is a missed opportunity that helps to further entrench the current state of siloed domains, with security practitioners continuing to suffer from an inadequate understanding (and often incorrect perceptions) about the requirements, nuances, laws and practices relating to information privacy and access to information and how those interrelate with cybersecurity.

Note to Reader: PACC members can view the draft CYBER SECURITY CURRICULUM GUIDE and submit comments to registrar_at_PACC-CCAP.ca. Comments will be anonymized and submitted to the Canadian Centre for Cyber Security.

Filed Under: Access/FOI/ATIP, Government, Professional Development, Standards Tagged With: Events & Training

Footer

PACC is the voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

Recent Posts

  • Guidelines 01/2021 on Examples regarding Data Breach Notification
  • Facial Recognition Cameras Here to Stay as Country’s Court System Entrenches Video Surveillance
  • IPC consultation on five-year strategic priorities under way
  • Info watchdog raps Privy Council Office for terminating access requests from public
  • A year to forget that’s worth remembering

© 2021 · Privacy and Access Council of Canada · Maintained by SLIcore Design.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkNoPrivacy policy