

It's an increasingly familiar scene: The IT manager lingers after a meeting with the chief privacy officer (CPO) to see how he, too, can become involved in privacy, the defining issue of the Information Age. Why is this happening in my company and others? Probably because IT pros know better than anyone how personal data needs to be protected, and they're motivated to make things right. But before you make the big leap from IT to privacy, run through this checklist to see if the move is right for you.

Step 1: Find out if you'd actually like the daily tasks.

The mission to protect people's privacy can be very inspiring – but the reality within your company may be quite different. The privacy function where I work encounters a great variety of challenges because we operate in many industries and countries. But if your company serves a single industry – such as finance or health care – and you have offices only in North America, your job may be limited to routine compliance tasks that are more distant from the mission of protecting people's privacy. Managers involved in IT governance may find several familiar tasks in a privacy job, but some tasks – such as analyzing privacy regulations and providing privacy consulting to the company – are likely to be new territory.

Core activities
Developing and implementing policies and guidance
Developing and performing training and communications
Performing risk assessments and data inventories
Monitoring and measuring compliance (enforcement)
Source: International Association of Privacy Professionals and the Ponemon Institute's 2005 survey of 224 privacy professionals

Step 2: Find out if you'd have direct C-level support.

Everybody wants top-level support for their projects. But for a function as new and undefined as privacy, it's essential. Without it, you could easily find yourself in a career cul-de-sac, spending years in the bureaucratic wilderness without meaningful results. How can you tell if privacy is valued by your company?

First, look at who the privacy leader reports to. Ideally, it's directly to the CEO, so that the privacy perspective has an equal and independent voice in the boardroom. It's still a strong sign if privacy reports to a C-level board member.

Second, if privacy doesn't report to the CEO, look at where it's positioned in the organization. Ideally, it'll be in the marketing or risk departments so that it takes a strategic approach. If privacy is in the legal, compliance or technology departments, its role in your company will probably be narrow and more tactical.

Finally, scope out the resources allocated to privacy. If you're in a Fortune 500 company dealing in customer information, the privacy function will need at least a few full-time equivalents and a budget sufficient to fund a few enterprise-scale projects. An ideal privacy team would include an attorney, a technologist, a marketer and a project manager to reflect the skill sets most often needed to produce privacy solutions.

In IT, you're probably familiar with a predictable career path that ultimately leads up to being CIO. But in privacy, there's no such thing as a career path. companies are still in their first generation of chief privacy officers, and few of the CPOs I know have moved on to other roles.
