Privacy as a Career(?)
In March, I'm speaking on a panel for the Internation Association of Privacy Professionals (IAPP) Summit in Washington. The topic is "Privacy as a Career." I started thinking about the topic while on a plane the other day, and jotted down a few thoughts.
This piece will probably be published in the IAPP monthly magazine in February, but since many of you aren't part of the IAPP, I thought I'd share it here as well. I think many of the themes here are applicable for privacy pros and non-privacy pros alike.
____________________________________________________________________
At the IAPP Privacy Summit in DC this March, I’m proud to tell you that I’m participating in what I think is both an interesting as well as important panel. Namely, Privacy Career Planning: Guidance from Successful Privacy Leaders. My co-panelists, representing some of the smartest in our profession, will discuss different privacy structures and roles, and share insights into how each organization embraces privacy as a career path. I’m particularly excited to take part in this because I don’t think we talk about this kind of stuff enough as privacy professionals. In fact, I’m so eager to talk about this that I couldn’t wait until March to get things rolling. So, in the spirit of beginning the conversation, I’d like to share a few observations about the privacy profession.
It’s going to take another 5 - 10 years for the role(s) of the privacy professional to solidify.
For some this may seem hard to believe given that it’s been over a century since Brandeis penned the “right to be left alone” article, and over 30 years since the development of the Fair Information Practices. But the reality is that we’re still in the nascent stage of privacy as a profession and a career path. And I see that as a positive thing. There’s some room to grow here. In fact, if you think about it, the opportunities in front of us are staggering. But this means we don’t necessarily have anything resembling a ‘typical‘ corporate privacy office, a ‘typical’ privacy consulting firm, or even a ‘typical’ privacy role.
Privacy offices emerge out of different needs and amidst very different organizational structures and cultures. My roots are in law and interactive marketing, so I tend to approach things from a different mindset than say, someone coming from the auditing world. Similarly, it stands to reason that a privacy office which sits in a corporate legal department is going to have a very different outlook, and a different approach from that of a privacy office residing in the compliance, or marketing, or finance division. I think this is going to change, but I also think such change will be gradual. And I REALLY think that we in the privacy profession can have a significant impact on what our ultimate job functions look like. (Notice I wrote that we “can,” not that we “will.”)
Just as privacy offices are in flux, and privacy roles are changing, the career path of the privacy professional is a moving target.
Bear with me on taking a minor diversion, but I’ve noticed that many of us tend to get mired in the (current or proposed) law or regulation du jour or the latest social issue, or the latest process improvement. We could all benefit from taking a step back and looking at the proverbial big picture and our place within the organization as a whole. So the question shouldn’t necessarily be, “Is your current job title a destination or a journey?” Rather, the question one should be asking as a privacy professional is “how can I use my unique skill set to create positive change within my organization?” Through this lens, it is much easier to see your job title as a journey – and an interesting one at that.
Privacy skills should be PART of your toolkit – not the entire toolkit.
It seems to me that if you have insight into the processes around safeguarding data, you may also have insight into processes around leveraging that same data to create value. For example, you may be able to help build trust metrics for online communities. Or you may have insight into customer outreach via permissions management programs.
Some of the aforementioned projects do not lend themselves to what I would characterize as traditional privacy roles. Nevertheless, they are challenges faced by businesses every day. And, more importantly, they are challenges which many in the privacy profession are well suited to address. By definition, if you are reading these words, you are in possession of a unique set of skills. Use them to address your organizational obstacles without worrying about whether it is technically within the ambit of the privacy function and I’m sure you’ll see your career prospects soar.
Be willing to roll up your sleeves
I know we’re all busy. And amidst all this activity, it’s pretty easy to settle into a routine. And if that routine does not include regular interaction with other business units, you’re not going to be as effective as you’d like.
It’s not simply about crafting a compliance checklist and throwing it over the wall to the folks in marketing. And it’s not about setting up a one-time breakfast meeting with a colleague from IT. As privacy professionals, we need to have regular and consistent involvement in the other business units of your organization. Like my friend Reed Freeman likes to say, “Invite yourself to meetings.” Expanding your influence, exposure and value within the organization is an ongoing process that requires a significant commitment of time and energy. But if you make that commitment, I can tell you from experience that you’ll have a much easier time achieving your objectives – and you’ll probably have a more interesting and satisfying work experience and career trajectory.
This is just the Beginning
I really see this as simply the beginning of the conversation. In other words, don’t worry – I’ve got lots more to say on this topic – and will, at the March Summit. And my fellow panelists also have some fantastic perspectives and experience to share. What’s key for me, is that the conversation should go on far after the panel has ended. And I invite each of you to take part in that conversation.
This piece will probably be published in the IAPP monthly magazine in February, but since many of you aren't part of the IAPP, I thought I'd share it here as well. I think many of the themes here are applicable for privacy pros and non-privacy pros alike.
____________________________________________________________________
At the IAPP Privacy Summit in DC this March, I’m proud to tell you that I’m participating in what I think is both an interesting as well as important panel. Namely, Privacy Career Planning: Guidance from Successful Privacy Leaders. My co-panelists, representing some of the smartest in our profession, will discuss different privacy structures and roles, and share insights into how each organization embraces privacy as a career path. I’m particularly excited to take part in this because I don’t think we talk about this kind of stuff enough as privacy professionals. In fact, I’m so eager to talk about this that I couldn’t wait until March to get things rolling. So, in the spirit of beginning the conversation, I’d like to share a few observations about the privacy profession.
It’s going to take another 5 - 10 years for the role(s) of the privacy professional to solidify.
For some this may seem hard to believe given that it’s been over a century since Brandeis penned the “right to be left alone” article, and over 30 years since the development of the Fair Information Practices. But the reality is that we’re still in the nascent stage of privacy as a profession and a career path. And I see that as a positive thing. There’s some room to grow here. In fact, if you think about it, the opportunities in front of us are staggering. But this means we don’t necessarily have anything resembling a ‘typical‘ corporate privacy office, a ‘typical’ privacy consulting firm, or even a ‘typical’ privacy role.
Privacy offices emerge out of different needs and amidst very different organizational structures and cultures. My roots are in law and interactive marketing, so I tend to approach things from a different mindset than say, someone coming from the auditing world. Similarly, it stands to reason that a privacy office which sits in a corporate legal department is going to have a very different outlook, and a different approach from that of a privacy office residing in the compliance, or marketing, or finance division. I think this is going to change, but I also think such change will be gradual. And I REALLY think that we in the privacy profession can have a significant impact on what our ultimate job functions look like. (Notice I wrote that we “can,” not that we “will.”)
Just as privacy offices are in flux, and privacy roles are changing, the career path of the privacy professional is a moving target.
Bear with me on taking a minor diversion, but I’ve noticed that many of us tend to get mired in the (current or proposed) law or regulation du jour or the latest social issue, or the latest process improvement. We could all benefit from taking a step back and looking at the proverbial big picture and our place within the organization as a whole. So the question shouldn’t necessarily be, “Is your current job title a destination or a journey?” Rather, the question one should be asking as a privacy professional is “how can I use my unique skill set to create positive change within my organization?” Through this lens, it is much easier to see your job title as a journey – and an interesting one at that.
Privacy skills should be PART of your toolkit – not the entire toolkit.
It seems to me that if you have insight into the processes around safeguarding data, you may also have insight into processes around leveraging that same data to create value. For example, you may be able to help build trust metrics for online communities. Or you may have insight into customer outreach via permissions management programs.
Some of the aforementioned projects do not lend themselves to what I would characterize as traditional privacy roles. Nevertheless, they are challenges faced by businesses every day. And, more importantly, they are challenges which many in the privacy profession are well suited to address. By definition, if you are reading these words, you are in possession of a unique set of skills. Use them to address your organizational obstacles without worrying about whether it is technically within the ambit of the privacy function and I’m sure you’ll see your career prospects soar.
Be willing to roll up your sleeves
I know we’re all busy. And amidst all this activity, it’s pretty easy to settle into a routine. And if that routine does not include regular interaction with other business units, you’re not going to be as effective as you’d like.
It’s not simply about crafting a compliance checklist and throwing it over the wall to the folks in marketing. And it’s not about setting up a one-time breakfast meeting with a colleague from IT. As privacy professionals, we need to have regular and consistent involvement in the other business units of your organization. Like my friend Reed Freeman likes to say, “Invite yourself to meetings.” Expanding your influence, exposure and value within the organization is an ongoing process that requires a significant commitment of time and energy. But if you make that commitment, I can tell you from experience that you’ll have a much easier time achieving your objectives – and you’ll probably have a more interesting and satisfying work experience and career trajectory.
This is just the Beginning
I really see this as simply the beginning of the conversation. In other words, don’t worry – I’ve got lots more to say on this topic – and will, at the March Summit. And my fellow panelists also have some fantastic perspectives and experience to share. What’s key for me, is that the conversation should go on far after the panel has ended. And I invite each of you to take part in that conversation.
