Problem solve Get help with specific problems with your technologies, process and projects.

Chief Privacy Officer: High profile, but limited demand

This is a job snapshot of a Chief Privacy Officer.

Job Title:
Chief Privacy Officer

Variations of position:
Corporate privacy officer; director of corporate privacy; executive director of corporate privacy. Chief privacy officer (CPO) is a fairly new executive-level position, so the role isn't set up exactly the same at any two companies.

The CPO works with multiple departments within a company to create a privacy policy that safeguards customers' data -- including, but not limited to credit card and other financial information, health information, employee records and virtually everything else. The second major part of the job is to make sure the policies are effectively communicated to employees and customers and that the company actually is living up to its promises. Third, the CPO must track privacy-related laws and ethical concerns both in general and within the company's specific industry.

Skills required:
This is a big job, with a broad background needed. The CPO must be conversant with technology -- specifically the Internet. The CPO needs to understand how the 'Net and its associated technologies -- browsers, cookies, caching, etc. -- work individually and together. This is particularly important for the CPO to work effectively with the IT group to make sure the company's systems are set up to follow the corporate privacy policy.

But this isn't a bits-and-bytes position; it's more about setting strategy and policy. Fundamentally, the person must be a great communicator, diplomat, missionary, politician, change agent and manager.

The CPO will often, if the job is set up effectively, have a say in whether a project or product will be launched, based on security concerns. He or she must understand the issues faced by the marketing group, for example, and why they may want to use some customer data for a particular reason. The CPO will often have to mediate disputes among groups that want to use the same customer information for different purposes.

"The CPO has to understand the corporation's business -- what a company really intends to do with data," says Larry Kushner, president and CEO of L.J. Kushner & Associates, a privacy search firm in Freehold, N.J. "An effective CPO will enable the company to maximize its use of information without upsetting customers and the public."

The ability to work with the media, and with "critics," is also key, according to Alan Westin, head of the Corporate Privacy Officer program and president of Privacy & American Business in Hackensack, N.J. "Some in the company will see you as unnecessary, an impediment to profits and a crazy notion of the CEO," Westin adds. Other skills needed for effective CPOs, he says, include information collection, trend analysis and group processes.

A legal background, or at the very least, an understanding of the major related privacy laws and ethical issues, is also important. In many companies, the CPO reports into the chief legal officer.

Certification/education requirements:
Nothing specific -- yet. This may come in time, as more CPOs are named and the job requirements become more standardized.

Typical day on the job:
"Most of my time right now is spent in operational meetings, because we're preparing to notify all the cardholders of our privacy policy," says Mark Lawrence, IT director & CPO of CompuCredit Corp. in Atlanta. "My role is to facilitate," he says. They're trying to determine if the privacy notices will go out with the regular monthly credit-card bills, or in a separate mailing and whom to notify pursuant to the law, he explains.

Other CPOs' days consist of training employees about the company's policies or being a spokesperson to the press or explaining the privacy policy to an irate customer, making executive presentations or meeting with others in the company to find out what their data needs are.

Career path options:
This isn't apparent yet. Most of the existing CPOs have been named in the past year and are still in the job.

Limited right now to very large companies that are doing a significant amount of their business on the Internet, or to those whose business revolves entirely around the 'Net. Security guru Westin expects there to be "hundreds to thousands" of CPOs in place by 2003 -- still not a huge market.

Salary range:
$200,000 to $250,000 -- plus a bonus and, perhaps, stock options. Other executive-level perks may accrue, including a company car.

Best types of companies to work for: Banks, brokerages, pharmaceuticals -- any firm with a legal requirement to protect customers' data. Other possibilities are the huge multimedia giants, including AOL/Time Warner, according to privacy recruiter Kushner. "They've got multiple business units -- books, records, video, etc.-- sharing customer data." That's the type of potential conflict ready-made for a CPO, he says.

About the author:
Ambrosio is a freelance writer in Marlborough, Mass. Contact her at [email protected]

For more information:
Learn more about privacy and policy setting in our Special Report.


This was last published in April 2001

Dig Deeper on Information security certifications, training and jobs