OneTrust_Square Banner_300x250_DD_ROS_01_19

Young professionals are increasingly entering the field of privacy. The IAPP asked a few of them some questions about how they got into the field, what they see as the most pressing issues and where they see their careers heading.

Natasha Nanji, 27
Public Affairs Specialist at the Canadian Marketing Association
Andrew Schlossberg, 22
Honors Paralegal, Mobile Technology Unit, Bureau of Consumer Protection, Federal Trade Commission
Patricia Shorey, 26
Advisory Services, Ernst & Young
Michael Jones, 29
Global Privacy Program Manager, Monster Worldwide


The Privacy Advisor: What was your introduction to privacy? How did you get your start, and why did it interest you?

Natasha Nanji:I basically fell into privacy when I started at my current position and was quickly brought up-to-speed on the various requirements of Canada’s regulatory regime.

I found privacy to be immediately interesting because of how pervasive the issues were. While I’d always been reluctant to share personal information on social media sites, I was never fully aware of how much of a digital footprint I left and how it followed “me”—or at least my IP address—everywhere. To be honest, I was completely alarmed and wanted to understand what was going on in the backend.

Andrew Schlossberg: Interestingly enough, my introduction to privacy occurred in Europe. I studied abroad in Belgium during college, and I interned at an EU-lobby law firm that dealt with a wide range of issues including data protection. When I returned to the US, I decided to enroll in an Internet policy class, and through several contacts I made while writing my final paper, I attended the 2010 IAPP Privacy Academy in Baltimore as a scholarship student. Initially, given my concentration in international relations, I was interested in privacy because of its national security element—balancing the right to privacy with governmental need to share information necessary to combat terrorism. However, my interests have since broadened into more general issues of law and technology.

Patricia Shorey: I started doing privacy work during my second year of law school. I had interned in the internal audit department of an insurance company during undergrad. They knew I had gone on to law school, so when their privacy team was looking for a law school intern to help with legislative and case law tracking, their HR department contacted me. I interviewed and took the job.

When it came time to register for classes for the fall of my third year of law school, I noticed that Trevor Hughes, CIPP/US, was offering a privacy course with the opportunity to sit for the CIPP exam. Because of the work I had been doing in privacy, I started noticing that privacy issues were in the news on a regular basis. I realized how relevant and important the work our privacy team was doing was, so I enrolled in Trevor’s course to learn more about the field. This led to an externship at the IAPP for the spring semester, which led to my current position at Ernst & Young following graduation and the bar exam.

Michael Jones: I was introduced to privacy during law school. I joined the staff of the I/S journal of Law and Policy for the Information Society at Ohio State, which produces one issue each year solely dedicated to privacy. Although I learned about privacy as a field of study while working on the journal, it touched on something I was interested in long before law school: the choices we have online regarding forming and sharing our identities. I got my start thanks to Peter Swire, CIPP/US, a professor at Ohio State and former privacy advisor to the U.S. Office of Management and Budget, who pointed me toward a job opening for an entry-level privacy professional at Monster.

The Privacy Advisor: Where do you work now and what does it entail?

Nanji: I work in public affairs at the Canadian Marketing Association, focusing largely on marketing-related privacy issues, especially in the digital space. I strive to balance the needs of marketers to contact consumers with privacy legislation and industry best practices. I am engaged on issues pertaining to email marketing, social media and behavioral advertising.

Schlossberg: I work on the FTC's Mobile Technology Unit, which is part of the Division of Financial Practices in our Bureau of Consumer Protection (BCP). My duties range from investigating potential deceptive mobile apps to drafting reports to senior staff on a wide range of practices in the mobile marketplace to assisting other BCP divisions on their cases with a mobile element. Our unit was created less than two years ago, so it’s been an exciting time to work on cutting-edge technology issues.

Shorey: I work in the Ernst & Young privacy practice. Most of the work we do falls under one of three categories—assessments, remediation and assurance, where we provide privacy audit reports like Service Organization Controls. Some of the professionals in our practice focus only on one or two of these categories. However, as a “young privacy pro” I get to work on engagements across these areas and gain a broad range of experiences. Every once in a while I get to travel for work, including internationally. I like that part of the experience; it’s not constant and not overly taxing.

Jones: I work at Monster Worldwide, the parent company of websites including, and My responsibilities stretch across all Monster properties in the 50 countries in which we have a presence. The Privacy Office embraces the concept of Privacy by Design, and one of my primary responsibilities is working with our product group to develop products that respect the privacy choices made by our users. I also review contracts, perform internal privacy reviews, respond to privacy complaints and train staff on privacy best practices.

The Privacy Advisor: Do you have any thoughts on where you’d like to take your privacy career?

Nanji:Digital fascinates me. I’d like to be in a position to draft and influence policy as we continue to balance the needs of innovation and personal privacy.

Schlossberg: I plan to attend law school after I leave the FTC. I've been thinking a lot about my career beyond that, and at this point, I'd like to get exposure to as many parts of the privacy landscape as possible. I'm working in government now, but I hope to explore other opportunities at a firm, nonprofit, in-house or clerking for a judge. I'd also like to spend some time back in Belgium working on EU data protection issues—I think the differing privacy frameworks between the EU and U.S. are fascinating, and I would like to play a part in bridging the differences.

Shorey: Absolutely. I’m gunning for Trevor’s job.  

Jones: Ultimately, I’d like to be a chief privacy officer. Privacy professionals address challenges across a variety of fields including law, economics and psychology. I can’t think of a better way to stay engaged in such a multifaceted field.

The Privacy Advisor: What kinds of privacy issues seem to be most prevalent these days? What are the hot topics?

Nanji:At least for my industry, I would have to say behavioral advertising and the entire notion of Big Data. What is being tracked, by whom and can it be tied to me as an individual? How much should a person be required to reveal in order to utilize a service, and how do we legislate consent? 

Schlossberg: Certainly privacy issues related to mobile devices, and my unit—and bureau—have been very active in this space recently. There are so many unanswered questions about the emerging app ecosystem, and our agency has been staying ahead of the curve by encouraging app developers to build in privacy in their products while ensuring that consumers are not deceived when using them. Another hot topic is mobile payments—the FTC held a workshop last March exploring the privacy and security issues behind this emerging industry. For consumers, mobile payments can be an easy and convenient way to pay for goods and services, obtain discounts through mobile coupons and earn or use loyalty points. However, with so many different players involved, from banks, merchants and payment card networks to operating system manufacturers, mobile phone carriers and payment app developers, there are obvious privacy issues to consider as well.

Shorey: I can’t pick a particular topic that I think is gaining more attention than others right now. We do quite a bit of work helping companies meet Binding Corporate Rules (BCR) status. The interest in BCR has grown tremendously in the last year. Privacy issues correlate with changes in technology and the use of information. We work with clients on privacy and smart grid, electronic health records, cloud computing and social media to name a few, but a common theme we see in our practice is a focus on accountability.

We see our clients becoming more concerned about privacy issues as their own clients and other stakeholders seek to hold them accountable for their privacy practices. We are seeing an increase in interest in privacy Service Organization Controls 2 (SOC 2) reports from our clients, which provide assurance based on the Trust Services Principles and Criteria, demonstrating the growing importance of accountability for privacy practices.

Jones: Behavioral advertising continues to be one of the most discussed topics. It’s part of the larger discussion surrounding the definition of personally identifiable information. Historically, we’ve taken a binary approach to classifying information: whether it’s identifiable and whether it’s public. The growth of Big Data and social networking have made it clear these concepts exist on a continuum, and as an industry we are still working through how to develop laws and policies to reflect this new understanding.

The Privacy Advisor: Now that you’re in the field, what advice would you give to a student considering going into work as a privacy professional?

Nanji:By virtue of our generation, trust in your knowledge base. While you may not have years of work experience, you’ve garnered a wealth of practical knowledge through your daily life. Privacy is a dynamic and constantly changing field—just go with it; you’ll be shocked by how many things it touches.

Schlossberg: I'm not sure I'm qualified to give advice this early in my career, but I would recommend that a student be very flexible and try not to plan too far ahead in his/her privacy career. This field is rapidly changing, so it's not always clear what types of opportunities will be available. The key is to build a professional network and to continue to learn as much as possible about the field. 

Shorey: I would advise students interested in any profession to gain as much hands-on experience as possible while in school, whether it is through internships or volunteer work.  It will help students learn about themselves and their interests, as well as find mentors to help them navigate their career paths and serve as resources when questions arise in the field. Furthermore, little is more valuable to an employer than a candidate with practical experience.

Jones: Learn a variety of skills, with focus on technology and data flow. A cursory understanding of servers and databases won’t cut it. Go global—data is fluid, and it will only be a matter of time before you are working across multiple countries and regulatory schemes.

If you’re a young professional looking to get more involved in the profession, contact IAPP Member Engagement Manager Katherine Gilchrest at

Written By

Angelique Carson, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»