A Compass for Privacy Leaders

When Todd Fitzgerald wrote CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (CRC Press, 2019), his goal was to help business leaders responsible for their organization's information security.

The book was critically acclaimed — it was named to the Cybersecurity CANON Hall of Fame in 2020 and was the top-selling cybersecurity book by publisher Taylor & Francis Group for each of the past five years. Since its release, though, Fitzgerald noticed a gap in the privacy and data protection field. While his book focused on information security leaders, there was not a comparable resource for privacy leaders. 

Now there is. 

Fitzgerald co-authored The Privacy Leader Compass: A Comprehensive Business-Oriented Roadmap for Building and Leading Practical Privacy Programs (CRC Press, 2024), with Valerie Lyons, corporate director and chief operations officer at BH Consulting, a data protection and cybersecurity firm based in Ireland. Lyons has a PhD in information privacy and is a top-rated speaker on privacy issues, digital ethics, and privacy. 

"Security and privacy are so interrelated that it made sense to provide a structured roadmap for those responsible for privacy in their organizations and include insights from leading chief privacy officers and industry experts," said Fitzgerald, who is a member of Northwestern Engineering's Master of Science in Information Technology (MSIT) program's Industry Advisory Board (IAB) and teaches courses on cybersecurity leadership and IT risk management. "There is no other privacy book on the market today that provides this roadmap in a structured manner with actionable advice from global privacy experts."

Privacy and security are closely connected disciplines, but there are unique differences. Privacy leaders ensure personal information that is collected from users is necessary, maintained accurately, disclosed appropriately, and protected. Information security leaders also focus on that protection component, specifically ensuring risk of compromise is reduced to an acceptable level.

The book features insights from more than 60 global privacy leaders at Adobe, Amazon, Google, Microsoft, TikTok and other organizations. Ann Cavoukian, who created the Privacy by Design principles that are written into 40 global privacy laws, including the European Union's General Data Protection Regulation (GDPR), wrote the foreword to the book.

"Key experts involved in shaping the laws, as well as data protection authorities from over 15 countries were included," Fitzgerald said. "These leaders were intentionally chosen due to the respect they have in the industry."

The book is not a collection of articles, Fitzgerald emphasized, but a structured roadmap infused with individual perspectives to enhance each step of the process. The roadmap follows the McKinsey 7-S Model to help privacy leaders with strategy, structure, systems, style, staff, skills, and shared values. 

Fitzgerald incorporates lessons from CISO Compass in the two MSIT courses he teaches. He's excited to now add key aspects of The Privacy Leader Compass to the curriculum moving forward, particularly around artificial intelligence (AI).

"Students will have a greater understanding of the laws that are driving our relationship with customers and information usage," he said. "With AI being at the forefront, privacy concerns are a critical issue. No matter what the information technology role is that students want to pursue, these privacy concepts and their practical application need to be understood to be even more effective."