What do you do when you find yourself as the head privacy officer for a global company spread across 30 countries with $10 billion in annual revenue? The Privacy Advisor caught up with Heidi Salow, CIPP/E, CIPP/US, CIPM, who recently joined Leidos as it’s newly appointed chief privacy officer, to get first impressions after her first month on the job. 

Salow said her reception has been quite overwhelming, “They are literally welcoming me with open arms.”

At Leidos, Salow's privacy office is part of the legal department, reporting up to the general counsel. The company currently has a handful of employees who help with privacy matters globally, but only one other full-time member of the privacy office. Salow’s job will be, in part, to grow that office from the ground-up, using existing company talent where possible. Salow said key jurisdictions for Leidos include the U.S., Europe and Australia, which means HIPAA, GDPR, and the Australian Privacy Principles are a top concern.

“I’ve only been here a month, so I am still trying to connect the dots and figure out what everyone does, but it’s a work in progress and it’s exciting. It’s a fun challenge to be the CPO at a company like Leidos,” she said. 

It's becoming easier to recruit top talent to the privacy field, she said. “It’s a field that younger professionals are definitely drawn to. Law schools now offer classes like cyber and privacy law. That didn’t exist previously," she said. "I’ve learned nearly everything through my career.  But now we see a lot of people in law school who are interested in this area and are getting the right training."

Despite enjoying her previous role as vice president and senior privacy officer with Thomson Reuters, she says she appreciates that this role is based at company headquarters in Reston, Virginia. As CPO, she's a trusted advisor and directly communicates with top decision-makers across the company. While the task of leading a privacy office at a company like Leidos, with a large multi-national presence, may seem daunting, comforting to Salow is the many similarities in the function of her role compared to her previous positions. “I’m both at the ten-thousand-foot level and the rolling-your-sleeves-up level," she said.

“This is something that many in my field strive for, and I was excited about the challenge of leading Leidos’ privacy office function and global data protection compliance program," she said.

Salow said, generally, there's been an evolution in what constitutes a privacy office; the roles and responsibilities within this type of function have become more sophisticated and complex. Salow said, "Even compared to five years ago, the complexity of what we do is tenfold.”

Part of her job in former roles has always been to educate and explain how privacy touches multiple groups within the company. While education has always been important, cross-communication is crucial.

“I don’t see how you could run a privacy office without interfacing with employees across the company. You wouldn't be effective.” She added, “It's all about education and awareness, not just compliance."

Salow almost hesitates to talk about compliance. It's a word that, once uttered, seems to lose half of any listening audience. That, too, is beginning to change. Salow notices companies are seeing compliance as a competitive advantage.

“That’s a huge shift. It was not like that when I started in the field, at all. When I first got involved in privacy law in the late '90s, nobody even knew what it was. Now when you say you're a privacy lawyer or a data protection lawyer, people immediately know what you mean. There has been a really interesting explosion of the field."

For people looking to make the shift and join as a chief privacy officer, Salow offers some words of advice: Know what you're walking into.

"Do not walk in the door and think you're going to solve everything immediately. My mantra every day is, 'baby steps'. That’s the best piece of advice I can give. It’s a great way to keep your sense of humor and get things on track,” she said.