ABSTRACT
Although there has been some progress with unifying security and privacy roles in recent years, in many organizations the people responsible for privacy are still completely separated from and in entirely dierent departments than the people responsible for security. Often these departments do not communicate, or even acknowledge or understand the compelling relationship that essentially exists between the two. Too often privacy is considered a purely legal issue, the responsibility for which is often handed to organizational legal counsel. Or, it is ignored altogether as a separate issue, and management assumes it will be addressed by all the various business units during the course of doing business. Security is too often viewed as a purely technical issue, and the responsibility for security is more often than not placed within the information technology or networking support area-often buried beneath several layers of management. And the twain never meet. Security personnel must be actively involved in privacy issues and crafting privacy policies, and privacy personnel must be actively involved in security issues and crafting security policies.
