Skip the navigation

So you want to be a privacy pro?

November 11, 2005 12:00 PM ET

Computerworld - It's an increasingly familiar scene: The IT manager lingers after a meeting with the chief privacy officer (CPO) to see how he, too, can become involved in privacy, the defining issue of the Information Age. Why is this happening in my company and others? Probably because IT pros know better than anyone how personal data needs to be protected, and they're motivated to make things right. But before you make the big leap from IT to privacy, run through this checklist to see if the move is right for you.

Step 1: Find out if you'd actually like the daily tasks.

The mission to protect people's privacy can be very inspiring—but the reality within your company may be quite different. The privacy function where I work encounters a great variety of challenges because we operate in many industries and countries. But if your company serves a single industry—such as finance or health care—and you have offices only in North America, your job may be limited to routine compliance tasks that are more distant from the mission of protecting people's privacy.

What makes up the daily life of a privacy professional? The best sources of information on the profession are the International Association of Privacy Professionals (IAPP) and the Ponemon Institute. Their 2005 joint survey discovered that privacy officers spend roughly half their time on three activities: responding to incidents, developing and implementing policies, and advising the organization on proper privacy practices. (For a breakdown of the results, see the table below.) Go to page 2>>

Privacy Professional Key Duties

Managers involved in IT governance may find several familiar tasks in a privacy job, but some tasks – such as analyzing privacy regulations and providing privacy consulting to the company – are likely to be new territory.

Core activities % of total time
Responding to incidents 19
Developing and implementing policies and guidance 14
Advising/consulting the organization 13
Administration (personnel and budget) 9
Developing and performing training and communications 8
Developing privacy strategies 7
Analyzing regulations 7
Performing risk assessments and data inventories 5
Monitoring and measuring compliance (enforcement) 4
Reporting to management 2
Other 12

Source: International Association of Privacy Professionals and the Ponemon Institute's 2005 survey of 224 privacy professionals

Step 2: Find out if you'd have direct C-level support.

Everybody wants top-level support for their projects. But for a function as new and undefined as privacy, it's essential. Without it, you could easily find yourself in a career cul de sac, spending years in the bureaucratic wilderness without meaningful results. How can you tell if privacy is valued by your company?

First, look at who the privacy leader reports to. Ideally, it's directly to the CEO, so that the privacy perspective has an equal and independent voice in the boardroom. It's still a strong sign if privacy reports to a C-level board member.

Our Commenting Policies