Business leaders are progressively becoming more aware that they need to manage data privacy in their organizations better. Most are feeling pressure to stay on top of compliance with a raft of new privacy laws. Although, some forward-thinking leaders are also beginning to see privacy can be a strong competitive differentiator.
Technology companies like Apple are leading the way in some markets, noted TrustArc CEO Chris Babel during a recent industry panel on privacy trends. He pointed to advertising by the tech giant highlighting stronger data privacy as a must-have for its customers – in other words, privacy is a key selling point.
Traditionally, privacy was seen as something to be handled by legal teams to ensure compliance. However, as Babel pointed out if businesses want to generate commercial value from their privacy stances, they need to make it a bigger strategic priority.
High Demand for Talent to Fill Data Privacy Jobs
The challenge for all organizations that want to make data privacy a selling point is securing the talent to fill data privacy jobs, from hiring more data privacy experts into their legal teams to engaging specialist privacy engineers to improve product design and service delivery.
The TrustArc 2022 Global Privacy Benchmarks Report found most respondents clearly recognized they need more data privacy experts:
- 42% of respondents see increasing demand for privacy roles in their companies
- More than two-thirds agree (44%) or strongly agree (27%) their organizations should be doing more on privacy
- 80% of respondents say they measure privacy, but they’re struggling to translate this into success because there is no clear consensus on methods or KPIs.
In-demand data privacy jobs
While many of the names for data privacy job titles being advertised in 2023 are fairly new, they still tend to appear under technology, operations, and legal functions:
- Technology – security advisor IT security and privacy; senior privacy engineer; data protection endpoint security ops; director data architect data security; privacy program manager; privacy analyst data; cyber data protection manager
- Operations – head of compliance & privacy; operational risk officer privacy; data security business analyst; chief privacy officer
- Legal/general counsel office – senior privacy counsel; data privacy counsel; senior associate data privacy; public policy manager privacy & cybersecurity.
A key trend in these data privacy job descriptions is that you don’t need to be a lawyer to work in data privacy unless you want to be the privacy counsel.
TrustArc, for example, advertises a growing number of engineering, product, and design roles, particularly in DevOps and software development.
Chief Privacy Officer and Data Protection Officer Responsibilities are Growing
In the U.S., businesses that appoint an executive in charge of data privacy might use a range of job titles, from chief privacy officer to privacy counsel or even privacy leader.
Some businesses will also engage a data protection officer (DPO) in-house to manage compliance with the GDPR and related data privacy laws. Or, the DPO role can be contracted to an individual consultant or a specialist organization.
Watch TrustArc’s data privacy program foundations video to learn more about whether you need in-house privacy roles:
Chief privacy officer job description
The chief privacy officer (CPO) role has recently been elevated to the senior executive level as companies grasp its necessary strategic value.
The job description of the modern CPO includes:
- Holding qualifications in law, governance, and/or information security
- Managing data privacy impact assessments for new cross-border data initiatives
- Developing strategies and procedures for managing data inventories
- Directing policies, procedures, and processes to ensure up-to-date compliance with state, federal and international data privacy regulations, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and the New York Consumer Privacy Act (NYPA)
- Educating other executives on the company’s privacy stance and collaborating with senior management and corporate compliance officers to set governance for the company’s privacy program, including ongoing privacy training across the workforce.
Data protection officer job description
Under the GDPR, businesses that monitor and process EU/UK citizens’ personal data are required to appoint a data protection officer (DPO) with legal expertise.
In fact, Article 37 GDPR states:
“The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfill the tasks referred to in Article 39.”
Article 39 GDPR provides an outline of a data protection officer job description, including:
- Informing and advising the controller or processor and employees who process data of their GDPR obligations
- Monitoring personal data protection compliance under the GDPR and other EU/member state data protection provisions and the policies of the controller or processor
- Providing advice on the data protection impact assessment and monitoring its performance
- Cooperating with the supervisory authority.
Privacy Jobs Likely to Follow Growth Trends Set in Cybersecurity
There are now plenty of privacy jobs for people with technical and legal experience who might previously have filled data security roles, noted Lauren Reid, privacy and digital ethics consultant at The Privacy Pro, during a July 2022 TrustArc Serious Privacy podcast.
She admitted she was initially disappointed with how the role was pitched because she wanted a job in the hot cybersecurity space. Still, she’s since enjoyed a fulfilling career specializing in privacy and data protection.
Privacy analysts predict data privacy openings will follow a similar path to the cybersecurity job market, where large companies pay chief information security officers and chief risk officers $500,000–$1 million+ compensation packages.
These offers make it hard for small-to-medium companies to compete for talent even when, on average, they must pay $250,000–$500,000 for their senior cyber and risk executives. By 2025, there are expected to be 3.5 million unfilled cybersecurity jobs.
In early January 2023, job market analysts reported chief privacy officers in the U.S. are already earning between $162,000 and $273,640 per year, depending on their data privacy certifications, education, and the number of years they’ve spent in the profession.
How much higher will these compensation packages go?