Additional Information
This is a new and evolving profession. As a result, the training and education
for chief privacy officers is also evolving.
"I don't think there's necessarily a right or wrong answer to that because,
as of yet, there's no well-worn path," says Michael Spadea. He's a privacy
manager with Microsoft.
"With privacy, people come from a compliance background, a technology
background, a legal background," Spadea adds. (He happens to be a lawyer.)
"I think if you speak to a lot of [privacy officers] they fell into it
from different areas." Privacy officers need to be familiar with the following:
Law and policy-making, ranging from legislation to regulatory issues
Marketing, because many privacy concerns are related to how personal
information is used to reach out to people without violating their rights
Technology
Privacy officers often have studied business, law or information technology
(or some combination of these) at university. Many privacy officers are lawyers.
"To me it's not so much the degree as the skill set you bring with you,"
says Spadea.
"You need to know the substantive piece -- the legal. But... today privacy
officers are very much driving change in the organizations that they're in,
so they need to have, for example, project management basics and they need
to be [able to talk] with their technology and IP and security folks."
Spadea recommends getting a degree in either information technology or
business. But he stresses that privacy officers have various backgrounds.
"I'd have to say that most privacy officers are lawyers -- they've got
a JD and have started with that kind of training," says Merri Beth Lavagnino,
a CPO.
"I have not. I came from the technical ranks up to this, but many come
from the lawyer ranks, so it's an interesting blend. It depends maybe on your
organization, which way you need to go."
Chief privacy officer is not an entry-level position, so you'll first need
to get at least a few years of work experience as you build your skills and
knowledge.
"If you have a passion for the field, if you have an interest in privacy
as an issue, you could probably get there from a lot of different ways," says
Spadea. "I think the emphasis these days needs to be on the skills that you
bring."
Privacy officers can seek professional certification. This gives the public
and employers reassurance that the privacy officer is well trained and up
to date with the latest developments. Certification generally requires a combination
of work experience and classroom training.
The International Association of Privacy Professionals (IAPP) offers certification.