Like all mature professions, data protection is based on a common set of competencies
At last
After decades of access and privacy laws being on the books, and practitioners (and employers and HR professionals) guessing at what it takes to be a privacy or access professional, a few visionary PACC leaders had a bright idea: They decided to do something to formalize a profession that had come into existence in reaction to laws being enacted, but with little guidance or structure.
In 2009, after years of research and development, with support and participation of employers and data protection regulators across jurisdictions, PACC published the Essential Trilogy — the foundational Core Competencies & Professional Standards, the Common Body of Knowledge (CBK), and the principal Code of Conduct for the profession — and launched the PACC’s Professional Certification Program, which embodies the concepts in the Essential Trilogy.
The Essential Trilogy shone a light on the profession’s basic competencies. Using clear, easy-to-understand statements that provide a foundation for data protection professionals, regulators, recruiters and employers to manage professional and career development, the Essential Trilogy was a bold step to bring the profession out of the dark.
What PACC started as a forward-looking endeavor has become the first National Standard of competency for privacy, access, and data protection professionals:
CAN/CIOSC 109-1, Privacy – Part 1: Qualification and Proficiency of Access-to-Information, Privacy, and Data Protection Professionals
The Essential Trilogy provides the most comprehensive description of the generally accepted levels of skill, knowledge, and ethical standards and conduct that define the modern access and privacy profession
The Essential Trilogy forms the basis of the National Standard of Competency for access, privacy, and data protection professionals. It benchmarks the skills and competencies needed to be masterful at each level of a data protection career, while offering flexibility that reflects differences between industries, sectors, and roles.
Although developed long before the GDPR, the concepts reflected in PACC’s Core Competencies & Professional Standards, the Common Body of Knowledge, and Code of Conduct — which are embodied in PACC’s Professional Certification Program and the National Standard — reflect current global data protection and information governance requirements
.
