The data protection profession
is based on a common set of competencies
After decades of access and privacy laws being on the books, and practitioners (and employers and HR professionals) guessing at what it takes to be a privacy or access professional, a few visionaries decided to do something to formalize a profession that had emerged as a reaction to laws being enacted, but with little guidance or structure.
In 2009, after years of research and development, PACC published the Essential Trilogy — the foundational Core Competencies & Professional Standards, the Common Body of Knowledge (CBK), and the principal Code of Conduct for the profession. With the support and participation of regulators and employers across jurisdictions, PACC also launched the Professional Certification Program, which embodies the concepts in the Essential Trilogy.
The concepts reflected in PACC’s Essential Trilogy benchmarked the profession’s basic competencies in both privacy and access. Using clear, easy-to-understand statements that provide a foundation for data protection professionals, regulators, recruiters and employers to manage professional and career development, the Essential Trilogy was a bold step to bring the profession out of the dark.
PACC’s visionary endeavor became CAN/CIOSC 109-1 — the first National Standard of Competency for privacy, access, and data protection professionals
The concepts reflected in PACC’s Core Competencies & Professional Standards, the Common Body of Knowledge, and Code of Conduct — which are embodied in PACC’s Professional Certification Program and the National Standard — are relevant to organizations across the public, private, government, and not-for-profit sectors and reflect current global data protection and information governance requirements.
