Young privacy pros make their way onto the scene
By Angelique Carson, CIPP/US
Young professionals are increasingly entering the field of privacy. The IAPP asked a few of them some questions about how they got into the field, what they see as the most pressing issues and where they see their careers heading.
Natasha Nanji, 27
|Andrew Schlossberg, 22
Honors Paralegal, Mobile Technology Unit, Bureau of Consumer Protection, Federal Trade Commission
|Patricia Shorey, 26
Advisory Services, Ernst & Young
|Michael Jones, 29
Global Privacy Program Manager, Monster Worldwide
The Privacy Advisor: What was your introduction to privacy? How did you get your start, and why did it interest you?
Natasha Nanji: I basically fell into privacy when I started at my current position and was quickly brought up-to-speed on the various requirements of Canada’s regulatory regime.
I found privacy to be immediately interesting because of how pervasive the issues were. While I’d always been reluctant to share personal information on social media sites, I was never fully aware of how much of a digital footprint I left and how it followed “me”—or at least my IP address—everywhere. To be honest, I was completely alarmed and wanted to understand what was going on in the backend.
Andrew Schlossberg: Interestingly enough, my introduction to privacy occurred in Europe. I studied abroad in Belgium during college, and I interned at an EU-lobby law firm that dealt with a wide range of issues including data protection. When I returned to the US, I decided to enroll in an Internet policy class, and through several contacts I made while writing my final paper, I attended the 2010 IAPP Privacy Academy in Baltimore as a scholarship student. Initially, given my concentration in international relations, I was interested in privacy because of its national security element—balancing the right to privacy with governmental need to share information necessary to combat terrorism. However, my interests have since broadened into more general issues of law and technology.
Patricia Shorey: I started doing privacy work during my second year of law school. I had interned in the internal audit department of an insurance company during undergrad. They knew I had gone on to law school, so when their privacy team was looking for a law school intern to help with legislative and case law tracking, their HR department contacted me. I interviewed and took the job.
When it came time to register for classes for the fall of my third year of law school, I noticed that Trevor Hughes, CIPP/US, was offering a privacy course with the opportunity to sit for the CIPP exam. Because of the work I had been doing in privacy, I started noticing that privacy issues were in the news on a regular basis. I realized how relevant and important the work our privacy team was doing was, so I enrolled in Trevor’s course to learn more about the field. This led to an externship at the IAPP for the spring semester, which led to my current position at Ernst & Young following graduation and the bar exam.
Michael Jones: I was introduced to privacy during law school. I joined the staff of the I/S journal of Law and Policy for the Information Society at Ohio State, which produces one issue each year solely dedicated to privacy. Although I learned about privacy as a field of study while working on the journal, it touched on something I was interested in long before law school: the choices we have online regarding forming and sharing our identities. I got my start thanks to Peter Swire, CIPP/US, a professor at Ohio State and former privacy advisor to the U.S. Office of Management and Budget, who pointed me toward a job opening for an entry-level privacy professional at Monster.
The Privacy Advisor: Where do you work now and what does it entail?
Nanji: I work in public affairs at the Canadian Marketing Association, focusing largely on marketing-related privacy issues, especially in the digital space. I strive to balance the needs of marketers to contact consumers with privacy legislation and industry best practices. I am engaged on issues pertaining to email marketing, social media and behavioral advertising.
Schlossberg: I work on the FTC's Mobile Technology Unit, which is part of the Division of Financial Practices in our Bureau of Consumer Protection (BCP). My duties range from investigating potential deceptive mobile apps to drafting reports to senior staff on a wide range of practices in the mobile marketplace to assisting other BCP divisions on their cases with a mobile element. Our unit was created less than two years ago, so it’s been an exciting time to work on cutting-edge technology issues.
Shorey: I work in the Ernst & Young privacy practice. Most of the work we do falls under one of three categories—assessments, remediation and assurance, where we provide privacy audit reports like Service Organization Controls. Some of the professionals in our practice focus only on one or two of these categories. However, as a “young privacy pro” I get to work on engagements across these areas and gain a broad range of experiences. Every once in a while I get to travel for work, including internationally. I like that part of the experience; it’s not constant and not overly taxing.
Jones: I work at Monster Worldwide, the parent company of websites including monster.com, fastweb.com and military.com. My responsibilities stretch across all Monster properties in the 50 countries in which we have a presence. The Privacy Office embraces the concept of Privacy by Design, and one of my primary responsibilities is working with our product group to develop products that respect the privacy choices made by our users. I also review contracts, perform internal privacy reviews, respond to privacy complaints and train staff on privacy best practices.
The Privacy Advisor: Do you have any thoughts on where you’d like to take your privacy career?
Nanji: Digital fascinates me. I’d like to be in a position to draft and influence policy as we continue to balance the needs of innovation and personal privacy.
Schlossberg: I plan to attend law school after I leave the FTC. I've been thinking a lot about my career beyond that, and at this point, I'd like to get exposure to as many parts of the privacy landscape as possible. I'm working in government now, but I hope to explore other opportunities at a firm, nonprofit, in-house or clerking for a judge. I'd also like to spend some time back in Belgium working on EU data protection issues—I think the differing privacy frameworks between the EU and U.S. are fascinating, and I would like to play a part in bridging the differences.
Shorey: Absolutely. I’m gunning for Trevor’s job.
Jones: Ultimately, I’d like to be a chief privacy officer. Privacy professionals address challenges across a variety of fields including law, economics and psychology. I can’t think of a better way to stay engaged in such a multifaceted field.
The Privacy Advisor: What kinds of privacy issues seem to be most prevalent these days? What are the hot topics?
Nanji: At least for my industry, I would have to say behavioral advertising and the entire notion of Big Data. What is being tracked, by whom and can it be tied to me as an individual? How much should a person be required to reveal in order to utilize a service, and how do we legislate consent?
Schlossberg: Certainly privacy issues related to mobile devices, and my unit—and bureau—have been very active in this space recently. There are so many unanswered questions about the emerging app ecosystem, and our agency has been staying ahead of the curve by encouraging app developers to build in privacy in their products while ensuring that consumers are not deceived when using them. Another hot topic is mobile payments—the FTC held a workshop last March exploring the privacy and security issues behind this emerging industry. For consumers, mobile payments can be an easy and convenient way to pay for goods and services, obtain discounts through mobile coupons and earn or use loyalty points. However, with so many different players involved, from banks, merchants and payment card networks to operating system manufacturers, mobile phone carriers and payment app developers, there are obvious privacy issues to consider as well.
Shorey: I can’t pick a particular topic that I think is gaining more attention than others right now. We do quite a bit of work helping companies meet Binding Corporate Rules (BCR) status. The interest in BCR has grown tremendously in the last year. Privacy issues correlate with changes in technology and the use of information. We work with clients on privacy and smart grid, electronic health records, cloud computing and social media to name a few, but a common theme we see in our practice is a focus on accountability.
We see our clients becoming more concerned about privacy issues as their own clients and other stakeholders seek to hold them accountable for their privacy practices. We are seeing an increase in interest in privacy Service Organization Controls 2 (SOC 2) reports from our clients, which provide assurance based on the Trust Services Principles and Criteria, demonstrating the growing importance of accountability for privacy practices.
Jones: Behavioral advertising continues to be one of the most discussed topics. It’s part of the larger discussion surrounding the definition of personally identifiable information. Historically, we’ve taken a binary approach to classifying information: whether it’s identifiable and whether it’s public. The growth of Big Data and social networking have made it clear these concepts exist on a continuum, and as an industry we are still working through how to develop laws and policies to reflect this new understanding.
The Privacy Advisor: Now that you’re in the field, what advice would you give to a student considering going into work as a privacy professional?
Nanji: By virtue of our generation, trust in your knowledge base. While you may not have years of work experience, you’ve garnered a wealth of practical knowledge through your daily life. Privacy is a dynamic and constantly changing field—just go with it; you’ll be shocked by how many things it touches.
Schlossberg: I'm not sure I'm qualified to give advice this early in my career, but I would recommend that a student be very flexible and try not to plan too far ahead in his/her privacy career. This field is rapidly changing, so it's not always clear what types of opportunities will be available. The key is to build a professional network and to continue to learn as much as possible about the field.
Shorey: I would advise students interested in any profession to gain as much hands-on experience as possible while in school, whether it is through internships or volunteer work. It will help students learn about themselves and their interests, as well as find mentors to help them navigate their career paths and serve as resources when questions arise in the field. Furthermore, little is more valuable to an employer than a candidate with practical experience.
Jones: Learn a variety of skills, with focus on technology and data flow. A cursory understanding of servers and databases won’t cut it. Go global—data is fluid, and it will only be a matter of time before you are working across multiple countries and regulatory schemes.
If you’re a young professional looking to get more involved in the profession, contact IAPP Member Engagement Manager Katherine Gilchrest at firstname.lastname@example.org.
Read more by Angelique Carson: