So you want to be a privacy pro?

Computerworld - It's an increasingly familiar scene: The IT manager lingers after a meeting with the chief privacy officer (CPO) to see how he, too, can become involved in privacy, the defining issue of the Information Age. Why is this happening in my company and others? Probably because IT pros know better than anyone how personal data needs to be protected, and they're motivated to make things right. But before you make the big leap from IT to privacy, run through this checklist to see if the move is right for you.

Step 1: Find out if you'd actually like the daily tasks.

The mission to protect people's privacy can be very inspiring—but the reality within your company may be quite different. The privacy function where I work encounters a great variety of challenges because we operate in many industries and countries. But if your company serves a single industry—such as finance or health care—and you have offices only in North America, your job may be limited to routine compliance tasks that are more distant from the mission of protecting people's privacy.

What makes up the daily life of a privacy professional? The best sources of information on the profession are the International Association of Privacy Professionals (IAPP) and the Ponemon Institute. Their 2005 joint survey discovered that privacy officers spend roughly half their time on three activities: responding to incidents, developing and implementing policies, and advising the organization on proper privacy practices. (For a breakdown of the results, see the table below.) Go to page 2>>

Privacy Professional Key Duties Managers involved in IT governance may find several familiar tasks in a privacy job, but some tasks – such as analyzing privacy regulations and providing privacy consulting to the company – are likely to be new territory. Core activities % of total time Responding to incidents 19 Developing and implementing policies and guidance 14 Advising/consulting the organization 13 Administration (personnel and budget) 9 Developing and performing training and communications 8 Developing privacy strategies 7 Analyzing regulations 7 Performing risk assessments and data inventories 5 Monitoring and measuring compliance (enforcement) 4 Reporting to management 2 Other 12 Source: International Association of Privacy Professionals and the Ponemon Institute's 2005 survey of 224 privacy professionals

Everybody wants top-level support for their projects. But for a function as new and undefined as privacy, it's essential. Without it, you could easily find yourself in a career cul de sac, spending years in the bureaucratic wilderness without meaningful results. How can you tell if privacy is valued by your company?

First, look at who the privacy leader reports to. Ideally, it's directly to the CEO, so that the privacy perspective has an equal and independent voice in the boardroom. It's still a strong sign if privacy reports to a C-level board member.