Security Expert Interview Series: Elisabeth Schnitzer

Data privacy is far more than just the security and protection of personal data. In this interview, we spoke with Elisabeth Schnitzer who is holding the position of Data Privacy Professional. She studied European Law and is passionate about helping businesses reach their data protection goals. Continue reading to discover her insights on the biggest issues that companies must address from a privacy standpoint when they suffer a data security incident. Elisabeth also discusses what can be done more to encourage more women to consider a career in tech.

Security Expert Interview Series #16: Elisabeth Schnitzer

1. Everyone has their unique story to arriving at Data Privacy Professional role. What is yours?

As a coordinator of the European Social Fund (Programming Area) in Bolzano, I was responsible, among other things, for digitalising the application process. In this regard, data protection also had to be ensured. Unlike the rest of my colleagues, I became surprisingly interested in the topic. One thing led to the other and I started following the data protection file.

One year before the GDPR came into force, I was working at the European Commission in Brussels. There it got clear to me how important the topic is not only from a regulatory point of view, but from a social perspective as well.

Furthermore, I have also always enjoyed working in the IT environment. The atmosphere is slightly different from working with lawyers. In general, I like to work in an interdisciplinary way. Therefore, all these different aspects and career steps have shaped me into a Data Privacy Professional.

2. What has been your most career-defining moment that you are proud of?

The most career-defining moments for me were the negative experiences. For example, realising that the legal system and the legal profession are somehow different from what I had expected. Retrospectively, it was the reason why I looked for something else and finally ended up in the data privacy domain.

3. What soft skills do you think are most important for data privacy specialists?

Interdisciplinarity, a pragmatic way of working and a good sense of responsibility.

4. What are the 2 biggest issues that companies must address from a privacy standpoint when they suffer a data security incident?

I don’t think it can be reduced to two general problems. Of course, a risk assessment must be performed. That involves making a decision on how seriously the data subject might be harmed and the probability of this happening. How many people might be affected and where did the data actually go? These questions are crucial for a risk assessment. Furthermore, the category of data affected by the incident can also increase the risks and lead to a major problem.

For me, an important point to have in mind is that incidents frequently do not occur due to external attacks but because of negligence on the part of the own employees. Therefore, it is important how the company plans to deal with it – to raise the awareness of the employees might be a good first step.

5. Could you please tell us what was the most important information security lesson you learned in 2020?

From a data protection perspective: Data protection seems to be a „fair-weather“ issue and is often overlooked or simply considered less important during the current covid-times. This can be observed across the whole Europe.

6. What trends do you expect to see in information security in the next 3 years?

I believe that the introduction of the Swiss Data Protection Act 2022 and the corporate preparations for it will improve the standards in Switzerland. This will certainly also put even more vigilant eye on data breaches. The correct handling of data breaches and information security incidents will become an increasingly important topic anyway. Especially, the increase of people working in a home-office mode using partly their own computers makes securing the end devices and establishing secure VPN or other remote connections even more essential.

7. What are the things you have learned being a woman in information security?

I don’t think there are special takeaways just because I am a women. However, I find that IT-Security is a women-friendly environment. Perhaps, because it is less competitive. In any case, the percentage of women in IT security should definitely increase. Unfortunately, I was often the only woman in the meetings.

8. What do you think we should be doing more of to encourage more women to consider a career in tech?

Of course, it all starts with the right education and social patterns. If you let boys drive a tractor and girls do the dishes, then you are already shaping them in a certain way. Only a part of society can change if girls are allowed to drive a tractor now, but boys still do not have to help in the household. At the same time, I think it is important to consider how IT should be approached and taught in schools. I know the school system in Italy, where history and geography are still more popular than subjects like media and computer science. This then affects women and men equally.

Then, of course, there is the issue of balancing work and family life. Flexible working hours can help – it would also be helpful if men would use these flexible work arrangements. The fact that paternity leave is limited to 14 days in Switzerland doesn’t really help either.

As a mother, I have a feeling that I am more willing to give up a career or money to take care of my child than my partner. My maternal instinct and the pregnancy hormones will not allow it otherwise. So in the age of quantum computers, we are still just mammals after all. And maybe that’s exactly the point. Maybe we should stop trying to squeeze women and their needs into a professional world designed for men. If it was more about WHAT than HOW, meaning more about the actual results rather than how many hours one spends in the workplace, then that could be a step in the right direction.

9. Is there one piece of advice you wish somebody gave you at the beginning of your career?

“Die Anderen kochen auch nur mit Wasser”. I think this can be translated into English as: “they also put their trousers on one leg at a time”. In the professional world, we are all replaceable and that is a good thing.

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.