Corporate risk governance has matured with years of regulation and scrutiny. As a CIO, I do not recall a competently performed audit focused on protecting corporate financials and related systems that did not look at security controls, continuity of operations, development and production practices, personnel, privacy, sensitivity of data, physical security of the enterprise, potential for fraud, and ethics in practice: in short, an integrated view of the protection of the business. I believe that for any component of business protection to be effectively assessed, it has to be in the context of this wider perception of business protection for the enterprise.

In my most recent article, I discuss the state of maturity for privacy as a discipline and whether PETs (Privacy Enhancing Technologies) are sufficient or whether there is a larger cultural and operational impediment to effective privacy. Can the lessons and structures of security and corporate risk governance mature privacy as a business practice?
I have attached the link to my article here.