Pressing lack of ICT-lawyers trough Hailing Data Leaks. Within 1.5 years certainly 25,000 additional privacy specialists are needed; questioned quality training.

October 19th 2016

– Bart Schermer –
Since January 2016 there are already more than 4000 exposed data breaches reported to the Government Authority for Personal Data. This is a sign of an acute shortage of specialist ICT lawyers. Within 18 months there will be certainly a shortage of 25.000 privacy specialists needed in the Netherlands to bring the usage of data in line with the European requirements, says Bart Schermer, partner at legal consultancy Considerati and associate professor of ICT law at the University of Leiden.

At this time there are only a thousand ICT lawyers in our country, in particular they are active for the large multinationals. ‘’That leads to a gold rush among privacy consultants and a proliferation of privacy-related training courses, the quality of which is questionable’’, says Schermer. Earlier this week, he shared his concerns in a lecture broadcast by NPO 3 privacy.

Lack of expertise

The explosion in data leaks according to Schermer shows the shortcomings of the privacy policy within Dutch companies and governments. “Stored data can be a potential goldmine when used properly and correctly for companies and governments. The aim is to get the most out of your data within the limits of the law, but also within the limits of what is considered acceptable in our society. Due to lack of expertise, privacy compliance for many companies and governments is becoming a ‘tick the box’ exercise now. Very dangerous now it’s clear that data leaks can draw heavily on the value of a company’’, said Schermer. Telecom provider Verizon acquired in July 2016 for $ 4.83 billion but is now demanding a discount of $ 1 billion on the acquisition, after a major data leak at came to light. Schermer recommends companies who are processing a lot of personal data to identify as quickly as possible what is being collected, and especially why.

Hailing Data Leak

Since January 1, 2016 it is required by law to report data leaks. Companies and governments have the time until May 25, 2018 to bring their operations in line with the General Regulation Data (AVG). Companies that process personal data on a large scale, companies with more than 250 employees and the public authoritie made it mandatory to appoint a Data protection officer to supervise the processing of personal data.. As of May 25, 2018, the permissiveness will be gone permanently and companies can incur fines of up to 20 million or 4% of global annual turnover.

Substantial growth of training programs offered

Privacy Consulting develops worldwide into a billion dollar business. The State Secretary of Security and Justice figured earlier in a letter to 1e Kamer (Dutch senate), stating the compliance costs for the Dutch business of 72.5 million euros in 2015 will increase to 1.1 to 1.5 billion in 2018. The lack of expertise in the field of privacy works according to Schermer like a trigger for a whole group with different levels of quality type of consultants to service the Compliance market in anticipation of the new generation of ICT lawyers. Schermer also sees a proliferation of new training programs. ‘’An important part of data operators do not have enough expertise themselves. Good education can overcome the shortage of qualified staff’’. Schermer also will soon launch a training program.” With this program we can accelerated the training of new good privacy specialists filling the gap.” The associate professor at the University of Leiden does see a bright spot: the speciality is extremely popular with young lawyers. “For a large group of law students, privacy is now the most interesting speciality. Which is Fortunate, given the acute shortage of future specialists”.