• Skip to main content
  • Skip to footer
  • About
    • Leadership
    • Code of Ethics
    • Privacy Commitment
    • Fellowship Awards
    • Media
  • Get Involved
    • Membership
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
      • Member Contact Update
    • Donate
      • Donor Bill of Rights
    • Speaking Invitations & Media Requests
    • Speak Out
    • Volunteer
  • Certification
    • Why Pursue Certification?
    • Benefits of certification
    • Certificate or Certification?
    • Apply for Certification
    • Recertification
    • Certification FAQ
    • Accreditation
  • Careers
    • Current Opportunities
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • SPARC Contribution Guidelines
    • Recommended Reading
    • International Data Flows
    • Commissioners
    • Publications
    • Training & Education
    • Speaking Invitations & Media Requests
  • News & Views
    • Stay Informed & Avoid Spam
    • Guest Post Guidelines
  • EVENTS
    • Call for Proposals
    • Past Events
    • Data Privacy Day
  • Privacy Matters
  • Login

The Privacy and Access Council of Canada

The voice of privacy and access

Cart

Correlating Cyber Security and Privacy

19/Feb/2019

The Learning and Innovation Hub at the Canadian Centre for Cyber Security recently issued a draft Cyber Security Curriculum Guide for Post Secondary Training and Education Providers “for public dissemination and open use.” The Guide provides a role-based perspective on post-secondary cyber security curricula in two domains: security and business.

Setting aside the fact that the “public” is tightly restricted to subscribers of an internal Government of Canada website, it is important to note that the Guide is intended to “provide a catalogue of curriculum elements that establish a national benchmark against which post-secondary institutions, including private sector providers, can assess their programs, courses, and micro learning programs.”

As part of the development process, the Centre conducted an environmental scan that addressed cyber security specific programs, largely technical in nature, and business-related programs, largely non-technical in nature. Researchers also collected anecdotal information from subject matter experts, business councils, professional associations, community groups and others that have reinforced the results.

Among the most important findings from the scan and subsequent analysis, researchers determined that “Programs that focused on generating graduates for the workforce, predominated. Relevant, yet underrepresented topics were: the Canadian legal and policy context including personal information protection and privacy; ethical considerations including workplace and investigatory practices in organizational contexts; integrated risk management; business communications; and emerging issues.”

Despite the glaring underrepresentation of topics related to “the Canadian legal and policy context including personal information protection and privacy,” however, the draft Curriculum Guide does not include privacy among any of the role-specific basic, intermediate, or advanced key education or training topics listed in the Guide.

The Guide notes that strategic planners and policy analysts might be required to be able to identify “other related federal, national or provincial imperatives and compliance requirements (e.g. Privacy, etc.).”

Similarly, financial analysts must be able to forecast cyber security incident/privacy breech costs. How they might do that without a good understanding of the harms and unintended consequences can arise from privacy breaches is anyone’s guess.

Training topics for advanced-level communications specialists include “Managing crisis communications arising from a cyber security incident or privacy breech” — but that does not require any particular knowledge about how breaches are caused or skill in preventing breaches; it only requires skill in communicating about breaches. 

The draft curriculum for entry-level Cyber Defence Operators is equally sanguine, noting a training requirement for “Legal and ethical responsibilities associated with cyber security operations including conduct of investigations, privacy, and preservation of evidence.” Once again, though, there is no mention of knowledge or training about privacy law or generally accepted privacy practices.

The draft Cyber Security Curriculum Guide for Post Secondary Training and Education Provide is a valuable opportunity to ensure that privacy and access to information are included and well addressed in cyber security curricula. In its current iteration, the Guide is a missed opportunity that helps to further entrench the current state of siloed domains, with security practitioners continuing to suffer from an inadequate understanding (and often incorrect perceptions) about the requirements, nuances, laws and practices relating to information privacy and access to information and how those interrelate with cybersecurity.

Note to Reader: PACC members can view the draft CYBER SECURITY CURRICULUM GUIDE and submit comments to registrar_at_PACC-CCAP.ca. Comments will be anonymized and submitted to the Canadian Centre for Cyber Security.

Filed Under: Access/FOI/ATIP, Government, Professional Development, Standards Tagged With: Events & Training

Footer

PACC is the voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

Recent Posts

  • Denmark bans Gmail and Co from schools due to privacy concerns.
  • UK Introduces Data Protection and Digital Information Bill
  • Have your say on certification as a tool for Transfers
  • India breaking E2EE
  • Covid App Closure

ABOUT

MEMBERSHIP

CERTIFICATION

CURRENT OPPORTUNITIES

RESOURCES

BLOG

CONTACT

 

Thanks to QuestionPro’s wide range of free survey templates designed by industry experts. We now know exactly where to improve
…………

© 2022 · Privacy and Access Council of Canada · Maintained by SLIcore Design.