Alan Chapell

At the IAPP Privacy Summit 07 in D.C. next month, Alan Chapell will participate in a panel, Privacy Career Planning: Guidance from Successful Privacy Leaders. His co-panelists, representing some of the smartest in the profession, will discuss different privacy structures and roles, and share insights into how each organization embraces privacy as a career path. Chapell - eager to get the conversation started on a topic that he believes gets short shrift - is sharing a few observations about the privacy profession.

It's going to take another 5 - 10 years for the role(s) of the privacy professional to solidify.
For some, this may seem hard to believe given that it's been over a century since Brandeis penned the "right to be left alone" article, and more than 30 years since the development of the Fair Information Practices. But the reality is that we're still in the nascent stage of privacy as a profession and a career path - which I view as a positive thing. There's some room to grow here. In fact, the opportunities in front of us are staggering. But this means we don't necessarily have anything resembling a ' corporate privacy office, a 'typical' privacy consulting firm, or even a 'typical' privacy role.

Privacy offices emerge out of different needs and exist within different organizational structures and cultures. My roots are in law and interactive marketing, so I tend to approach things from a different mindset than say, someone coming from the auditing world. Similarly, it stands to reason that a privacy office which sits in a corporate legal department is going to have a different outlook and approach from a privacy office residing in the compliance, or marketing, or finance division. I think this is going to change, but this change will be gradual. And I REALLY think that privacy pros can have a significant impact on what our ultimate job functions look like. (Notice I wrote that we "can," not that we "will.")

Just as privacy offices are in flux, and privacy roles are changing, the career path of the privacy professional is a moving target.

Bear with me on taking a minor diversion, but I've noticed that many of us tend to get mired in the (current or proposed) law or regulation du jour or the latest social issue, or the latest process improvement. We could all benefit from taking a step back and looking at the big picture and our place within the organization as a whole. So the question shouldn't necessarily be, "Is your current job title a destination or a journey?" Rather, the question one should be asking as a privacy professional is, can I use my unique skill set to create positive change within my organization?" Through this lens, it is much easier to see your job title as a journey - and an interesting one at that.

Privacy skills should be PART of your toolkit - not the entire toolkit.
It seems to me that if you have insight into the processes around safeguarding data, you also may have insight into processes around leveraging that same data to create value. For example, you may be able to help build trust metrics for online communities. Or you may have insight into customer outreach via permissions management programs.

Some of the aforementioned projects do not lend themselves to what I would characterize as traditional privacy roles. Nevertheless, they are challenges faced by businesses every day. And, more importantly, they are challenges which many in the privacy profession are well-suited to address. By definition, if you are reading these words, you are in possession of a unique set of skills. Use them to address your organizational obstacles without worrying about whether it is technically within the ambit of the privacy function - and I'm sure you'll see your career prospects soar.

Be willing to roll up your sleeves.
I know we're all busy. And amidst all this activity, it's pretty easy to settle into a routine. And if that routine does not include regular interaction with other business units, you're not going to be as effective as you'd like.

It's not simply about crafting a compliance checklist and throwing it over the wall to the folks in marketing. And it's not about setting up a one-time breakfast meeting with a colleague from IT. As privacy professionals, we need to have regular and consistent involvement in the other business units of your organization. Like my friend Reed Freeman likes to say, "Invite yourself to meetings." Expanding your influence, exposure and value within the organization is an ongoing process that requires a significant commitment of time and energy. But if you make that commitment, I can tell you from experience that you'll have a much easier time achieving your objectives - and you'll probably have a more interesting and satisfying work experience and career trajectory.

This is just the beginning.
I really see this as simply the beginning of the conversation. In other words, don't worry - I've got lots more to say on this topic - and will, at the March Summit. And my fellow panelists also have some fantastic perspectives and experience to share. What's key for me, is that the conversation should go on far after the panel has ended. And I invite each of you to take part in that conversation.

Alan Chapell, CIPP, is President of Chapell and Associates, a strategic consulting firm that helps companies develop sound privacy programs. Chapell is known for his work in the establishment of best practice standards for privacy and responsible marketing. He is recognized as a leading writer and frequent speaker on privacy, permissions management, mobile marketing and behavioral targeting. He may be reached at


This e-mail address is being protected from spam bots, you need JavaScript enabled to view it



If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»