The global skills and competency framework for the digital world

#1299 Address Privacy change request accepted

Theme for consideration: Privacy has an overlap with security practices but is not the same thing as security. How will SFIA8 ensure we address privacy alongside security in the generics and perhaps in specific skills?

Being careful to steer away from legal expertise and keep a focus on digitial professionals, some example sources for more information include:

Current status of this request: accepted

What we decided

Include in

  • review of information and cyber security skills for SFIA 8 
  • generic attributes
  • review of IRMG skill - readability and the Data protection references in IRMG 7
SFIA Updates Manager
Apr 22, 2020 04:04 PM


Privacy v. security…isn’t it the same thing?

Not really. But they are kissing cousins. Data privacy is focused on the use and governance of personal data—things like putting policies in place to ensure that consumers’ personal information is being collected, shared and used in appropriate ways. Security focuses more on protecting data from malicious attacks and the exploitation of stolen data for profit. While security is necessary for protecting data, it’s not sufficient for addressing privacy.

Ian Seward
Jun 02, 2020 10:05 AM

This is an interesting CR and one that I hear a lot about from the global community. There are 5 security skills and 20 other skills where security is explicit. In addition security is in every level (within the Business Skills generic). Privacy is not mentioned and probably should be - and not just throw the GDPR acronym into some shopping list.

Lumping the two 'kissing cousins' together for a moment, here is a suggestion: We could firstly; take the security components of Business skills out into a separate Generic Attribute called Security and Privacy - and add new generic privacy content. That would satisfy the needs expressed to me from a generic and professionalism point of view. Secondly we should look to determine whether there are any 'privacy skills' that should be brought out explicitly - I'm not an expert in this area so would look to gaining such experts in this discussion to advise.