The number of privacy pros continues to grow at an unadulterated pace. Everyone's collecting data, everyone needs to know how to treat it, no one wants to get hacked, and so on. But for all the growth the industry's experiencing, there is a solid core of pros who've been doing privacy for the majority of their now-long careers. It's a good thing, too, because it can take some time to understand the nuances, to read the literature, to immerse oneself in the necessary professional relationships to really succeed.
But once you're there, once you could call yourself a "veteran" in the privacy field with a straight face, is it possible to transition from industry to industry without starting at square one?
Allen Brandt, FIP, CIPM, CIPP/E, CIPP/US, says yes.
He's been in privacy for 12 years. He spent a couple years in online marketing but soon moved to education, working for nine years as CPO and corporate counsel at the Graduate Management Admission Council, the organization that owns the GMAT exam. But in May he made a big change to take a gig as CPO at the Depository Trust & Clearing Corporation. The company handles stock transactions, and it's worth $1.5 quadrillion (editor's note: We did not make up that number). He technically joined DTCC in November 2015, he said, but wasn't an official employee until three months ago.
Jumping from education, where an immersive decade's-worth of problem solving had trained him well, into the financial markets industry, in which he'd never worked before, may have been daunting to some. But Brandt said he was ready to do something different.
"I really was curious as to when you're changing ... completely changing industries, how different is the privacy world?" he said. "And being here now for seven months, I can tell you it's very similar. The principles are the same, the definition of privacy is the same in every industry. The basic concepts of the way you handle privacy ... the vendor management, for example, is the same. You ask the same questions."
Take marketing, as another example. While companies might have their own sensitivities based on their specific business, every regulation or law on privacy or data protection starts with the same similar definition of what's important to protect. That said, there are differences from jurisdiction to jurisdiction on what's considered sensitive. In the U.S., for example, the FTC cares deeply about children's data, health data and financial data. But in Europe, financial data isn't considered sensitive, but sexual preference is.
What's also different, he said, is the way privacy is implemented from country to country.
DTCC is a global company with 16 offices in 16 countries, including the U.S., where Brandt is based.
"Every country has its different privacy culture," he said, which has been difficult at times. "I'm still very early in learning this business, which has more than 40 legal entities everywhere."
Often it's just a question of acronyms — "Sometimes I'll raise my hand and have them say it again in English," he said — but, the time difference has its logistical impediments, too. He said that's a "major challenge." For example, an incident that happens during working hours in Europe or Asia that would normally get flagged and communicated to the U.S. may not be if it's the middle of the night overseas.
"That has some unintended consequences," he said.
The scale of Brandt's work is also different now. DTCC has about 6,300 employees, as opposed to GMAC's 100 or so. His team, however, is just four deep. He's been doing a lot of outreach and education and making sure to get face time, which he said will be an ongoing challenge just based on sheer numbers. But that's not so different from the struggles at any organization, he added.
In the end, Brandt's glad he made the switch.
"People tend to stay in the same [industry] for a long time, but if you step back for a minute and look at everything IAPP does and others talk about with regard to personal information and how it's treated, and respect for the customer, it doesn't change across industries," he said. "Once you get past that uneasiness or fear where you say, 'I don't know anything about health care or this different regulation or that different regulation,' when you peel it back, the core is the same."
If you want to comment on this post, you need to login.