At the IAPP Privacy Summit 07 in D.C. next month, Alan Chapell will participate in a panel, Privacy Career Planning: Guidance from Successful Privacy Leaders. His co-panelists, representing some of the smartest in the profession, will discuss different privacy structures and roles, and share insights into how each organization embraces privacy as a career path. Chapell - eager to get the conversation started on a topic that he believes gets short shrift - is sharing a few observations about the privacy profession.
It's going to take another 5 - 10 years for the role(s) of the privacy professional to solidify.
For some, this may seem hard to believe given that it's been over a century since Brandeis penned the "right to be left alone" article, and more than 30 years since the development of the Fair Information Practices. But the reality is that we're still in the nascent stage of privacy as a profession and a career path - which I view as a positive thing. There's some room to grow here. In fact, the opportunities in front of us are staggering. But this means we don't necessarily have anything resembling a ' corporate privacy office, a 'typical' privacy consulting firm, or even a 'typical' privacy role.
Privacy offices emerge out of different needs and exist within different organizational structures and cultures. My roots are in law and interactive marketing, so I tend to approach things from a different mindset than say, someone coming from the auditing world. Similarly, it stands to reason that a privacy office which sits in a corporate legal department is going to have a different outlook and approach from a privacy office residing in the compliance, or marketing, or finance division. I think this is going to change, but this change will be gradual. And I REALLY think that privacy pros can have a significant impact on what our ultimate job functions look like. (Notice I wrote that we "can," not that we "will.")
Just as privacy offices are in flux, and privacy roles are changing, the career path of the privacy professional is a moving target.
Bear with me on taking a minor diversion, but I've noticed that many of us tend to get mired in the (current or proposed) law or regulation du jour or the latest social issue, or the latest process improvement. We could all benefit from taking a step back and looking at the big picture and our place within the organization as a whole. So the question shouldn't necessarily be, "Is your current job title a destination or a journey?" Rather, the question one should be asking as a privacy professional is, can I use my unique skill set to create positive change within my organization?" Through this lens, it is much easier to see your job title as a journey - and an interesting one at that.
Privacy skills should be PART of your toolkit - not the entire toolkit.
It seems to me that if you have insight into the processes around safeguarding data, you also may have insight into processes around leveraging that same data to create value. For example, you may be able to help build trust metrics for online communities. Or you may have insight into customer outreach via permissions management programs.
Some of the aforementioned projects do not lend themselves to what I would characterize as traditional privacy roles. Nevertheless, they are challenges faced by businesses every day. And, more importantly, they are challenges which many in the privacy profession are well-suited to address. By definition, if you are reading these words, you are in possession of a unique set of skills. Use them to address your organizational obstacles without worrying about whether it is technically within the ambit of the privacy function - and I'm sure you'll see your career prospects soar.
Be willing to roll up your sleeves.
I know we're all busy. And amidst all this activity, it's pretty easy to settle into a routine. And if that routine does not include regular interaction with other business units, you're not going to be as effective as you'd like.
It's not simply about crafting a compliance checklist and throwing it over the wall to the folks in marketing. And it's not about setting up a one-time breakfast meeting with a colleague from IT. As privacy professionals, we need to have regular and consistent involvement in the other business units of your organization. Like my friend Reed Freeman likes to say, "Invite yourself to meetings." Expanding your influence, exposure and value within the organization is an ongoing process that requires a significant commitment of time and energy. But if you make that commitment, I can tell you from experience that you'll have a much easier time achieving your objectives - and you'll probably have a more interesting and satisfying work experience and career trajectory.
This is just the beginning.
I really see this as simply the beginning of the conversation. In other words, don't worry - I've got lots more to say on this topic - and will, at the March Summit. And my fellow panelists also have some fantastic perspectives and experience to share. What's key for me, is that the conversation should go on far after the panel has ended. And I invite each of you to take part in that conversation.
Alan Chapell, CIPP, is President of Chapell and Associates, a strategic consulting firm that helps companies develop sound privacy programs. Chapell is known for his work in the establishment of best practice standards for privacy and responsible marketing. He is recognized as a leading writer and frequent speaker on privacy, permissions management, mobile marketing and behavioral targeting. He may be reached at