Chief Privacy Officer
Variations of position:
Corporate privacy officer; director of corporate privacy; executive director of corporate privacy. Chief privacy officer (CPO) is a fairly new executive-level position, so the role isn't set up exactly the same at any two companies.
But this isn't a bits-and-bytes position; it's more about setting strategy and policy. Fundamentally, the person must be a great communicator, diplomat, missionary, politician, change agent and manager.
The CPO will often, if the job is set up effectively, have a say in whether a project or product will be launched, based on security concerns. He or she must understand the issues faced by the marketing group, for example, and why they may want to use some customer data for a particular reason. The CPO will often have to mediate disputes among groups that want to use the same customer information for different purposes.
"The CPO has to understand the corporation's business -- what a company really intends to do with data," says Larry Kushner, president and CEO of L.J. Kushner & Associates, a privacy search firm in Freehold, N.J. "An effective CPO will enable the company to maximize its use of information without upsetting customers and the public."
The ability to work with the media, and with "critics," is also key, according to Alan Westin, head of the Corporate Privacy Officer program and president of Privacy & American Business in Hackensack, N.J. "Some in the company will see you as unnecessary, an impediment to profits and a crazy notion of the CEO," Westin adds. Other skills needed for effective CPOs, he says, include information collection, trend analysis and group processes.
A legal background, or at the very least, an understanding of the major related privacy laws and ethical issues, is also important. In many companies, the CPO reports into the chief legal officer.
Nothing specific -- yet. This may come in time, as more CPOs are named and the job requirements become more standardized.
Typical day on the job:
Career path options:
This isn't apparent yet. Most of the existing CPOs have been named in the past year and are still in the job.
Limited right now to very large companies that are doing a significant amount of their business on the Internet, or to those whose business revolves entirely around the 'Net. Security guru Westin expects there to be "hundreds to thousands" of CPOs in place by 2003 -- still not a huge market.
$200,000 to $250,000 -- plus a bonus and, perhaps, stock options. Other executive-level perks may accrue, including a company car.
Best types of companies to work for: Banks, brokerages, pharmaceuticals -- any firm with a legal requirement to protect customers' data. Other possibilities are the huge multimedia giants, including AOL/Time Warner, according to privacy recruiter Kushner. "They've got multiple business units -- books, records, video, etc.-- sharing customer data." That's the type of potential conflict ready-made for a CPO, he says.
About the author:
Ambrosio is a freelance writer in Marlborough, Mass. Contact her at email@example.com.
For more information:
Learn more about privacy and policy setting in our Special Report.
Dig Deeper on Information Security Jobs and Training