What Makes a Good Privacy Officer?
Recently, as I was speaking to a talented group of law students, I was asked the above question. This has also been a related theme underlying some of the recent posts on the IAPP Privacy List. I’m not sure if this list is what those who want to enter the privacy field should cultivate in themselves, what current privacy officers are like or what we should be aiming for as a profession.
To build this list, I searched online for the top 10 traits or characteristics of compliance officers, salespeople, CEOs and managers. In essence, I could stop this blog entry now—that is what we are and should be: compliance officers, salespeople, CEOs, managers and let’s include janitors as well. In fact, let’s look at it that way: What job skills does one need to be an effective privacy officer? If we were to brew the perfect privacy officer, what career fields would we throw into the kettle?
Compliance Officers: In effect, this is what we are. We have a law, rule or regulation that we need to follow. We make sure the company follows this certain law, rule or regulation. We are a cost center. We do not make a profit for the company. We do, however, save the company lots of money. Please do funnel those horrible headlines past your executive committee to show them what you are worth.
Sales: We sell. We sell compliance. We sell the need to do the right thing, even if there is no law, rule or regulation stating what we should do. We sell Privacy by Design. We sell having us in the opening bid of a project. We sell our benefit to the company. We identify the needs, the underlying support, the future benefit and our allies as well as our antagonists. We bring our persuasive skills to the table and close the deal.
CEOs: I borrowed material for this one from Stephen D. Simpson’s “Top Qualities of an Effective CEO.” A good privacy officer runs the department like a successful CEO. S/he needs vision, execution, organization, candor with compassion and pragmatism. S/he needs to be in the right markets at the right time, to drive hard bargains—but not too hard—and to manage for the future, not the mirror. If we as privacy officers are not in the right market at the right time, we miss the privacy boat. We get stranded on the privacy island or get voted off it.
Managers: I borrowed this one from Jacob Morgan’s “5 Must-Have Qualities of the Modern Manager.” As privacy officers, we must be good managers. We need to follow from the front and make sure our employees succeed—when we yell jump, jump with them. We must understand technology—especially in our digital world. We must lead by example, embrace vulnerability and believe in the collective intelligence. Rarely do people comply with a mandate because it is a mandate. Foster understanding in order to foster compliance.
Social Workers: Social workers serve an incredibly valuable role in our society—often dealing with vulnerable populations. To be an effective social worker, one needs empathy, dependability, patience and a slew of efficient, effective and inexpensive resources. S/he must be creative and open-minded yet willing to take on the challenges, including the drudgery of paperwork. Know when to walk quietly, carry a big stick and know when to run in the other direction—calmly and with authority.
Investigators: Investigating is a natural fit for our job as we frequently are investigating complaints and breaches. But what traits do we need as investigators? We need to be perceptive, stubborn, questioning and detail-oriented. We need to keep good notes and be able to connect seemingly unconnected events and facts. We need to be inquisitive and not hesitate to ask the hard questions—out loud—sometimes just to hear how ridiculous they are.
Inventors: “Necessity is the mother of invention.” But it takes someone who is willing to think beyond preset boundaries and create something new. Perhaps it’s an easier way of doing something, or it involves making a program more streamlined and efficient—a little tweak that makes something much easier than it once was. Some privacy officers create a program from nothing, and others have nothing with which to run the program. Regardless, we all hope to see a return on investment.
Mechanics: Mechanics run the gamut of the shady-tree mechanic to the luxury jet mechanic, and so do privacy officers. Some have elite background and training, while others learned the trade organically and grew up with it. Neither one is better than the other. They’re just varied in credentials and background. But like me taking my car into the shop and duplicating the dinging it does when I take a left turn, colleagues don’t always know something is wrong with their data practices. It just sounds wrong. Privacy officers are left to identify what is broken, trusted to fix it and expected to keep the cost down—oh, and have it ready for pickup this afternoon with a full body detail and the tires done.
Airline attendants: Let’s be friendly, attractive and provide excellent service while keeping everyone safe. Smiling, yet firm. And yes, you have heard this a hundred times before: The plane may be different; the law is not. Just do what you need to do, correctly, when required, and we will make sure you get where you need to be. Oh, and don’t sit in the exit row unless you are willing to help everyone else. Coffee, anyone?
Janitors: Same garbage, different day. But if we weren’t here to clean it up, the world would be in a rough place.
This list is limited to 10 because 10 seems to be the magical number for such considerations, but I bet there are lots of others. What career field would you choose to compare to being a privacy officer? Picture yourself explaining your job to a bunch of six-year-olds … What do you say?
About the Author
K Royal, CIPP/US, CIPP/E, is privacy counsel at Align Technology and has over 20 years of professional experience in the legal and health-related fields. Royal has a particular interest in the relationship between health and technology—such as telesurgery, bioethics and privacy. As an attorney, she has been recognized as a Forty-under-40 honoree for Phoenix, as an educational leader through the YWCA and as one of the top pro bono attorneys in Arizona. Royal is currently an in-house global privacy counsel and finishing her PhD in public affairs.