The U.S. federal government is hiring privacy professionals — but chances are you wouldn’t know about it. Privacy jobs are classified at the federal level using a job description originally designed for Freedom of Information Act positions. And trying to navigate through the government’s byzantine job classification and application system in search of a privacy job can leave even the most hopeful candidates scratching their heads.
This is unfortunate since few if any world leaders have embraced and recognized the need for privacy as much as President Obama. In his February 2016 Executive Order establishing a Federal Privacy Council, the President called for a “revised policy on the role and designation of the Senior Agency Officials for Privacy.” He required the policy to provide guidance on the SAOP’s agency responsibilities, level of expertise, and resource needs. He charged the Council with recommending “how best to address the hiring, training and professional development needs of the Federal Government with respect to privacy matters.”
In December 2015, Office of Management and Budget Director Shaun Donovan called for the government to hire more privacy professionals in his Federal Privacy Summit address: “We need capable privacy professionals on the ground and at the table to evaluate privacy risks on an ongoing basis and to help ensure the protection of PII at all times.” Privacy teams will help reduce the impact of security incidents, he said, foster citizens’ trust in how the government handles their data, and mitigate risks in agency information-sharing practices. Donovan explicitly noted that federal agencies struggle to attract and hire top privacy talent, and he bemoaned the lack of a “career path for privacy” in the U.S. government.
To make career path a reality and deliver on these promises from the president, the government should recognize the emergence, existence and growth of a privacy profession, complete with its own set of skills, experience and expertise.
Privacy jobs classification
In the federal government, the Office of Personnel Management (OPM) classifies jobs by general position (such as “Clerical and Administrative Support”) and by the qualifications needed to fulfill the job functions. Within the “General Schedule” or “GS” system, positions are assigned an occupational series number corresponding to their job classification and grade-level number establishing their salary range.
Today, when a federal agency seeks to hire a privacy professional, the position is usually classified under the job title “Government Information Specialist,” also known as occupational series GS-0306; a few privacy roles are categorized as attorney positions, classified in the GS-0905 series. The 0306 job series, which originated in and still serves agencies’ need to comply with FOIA requests, falls under “Administrative and Management Positions” and contains no specific Individual Occupational Requirements such as experience or educational prerequisites. In other words, to become a privacy professional in the U.S. government, applicants do not need to demonstrate any specialized education, training or experience — for example, a JD (law degree), CIPP (privacy certification) or previous experience managing data.
[quote]Today, when a federal agency seeks to hire a privacy professional, the position is usually classified under the job title “Government Information Specialist,” also known as occupational series GS-0306.[/quote]
According to the “Position Classification Flysheet,” a Government Information Series 0306 position involves “administering, analyzing, supervising, or performing work involved in establishing, disseminating or managing Government information.” These positions invariably grapple with privacy risks, and duties include “developing, implementing and maintaining privacy policies and procedures.” But the primary functions relate to assisting the general public with requests for government information. To be sure, there are some similarities between privacy and FOIA tasks; yet privacy professionals require a deep understanding of issues less relevant for FOIA, such as new technologies, personally identifiable information, de-identification, data classification, and more.
An applicant for a privacy position within the government may struggle to find a match for her skills, expertise and interests, particularly if she is new to the USAJOBS.gov website and the government job classification scheme. She may miss an opportunity to work as a Privacy Analyst for the Federal Emergency Management Agency, for example, because the job is titled “Government Information Specialist.” If she searches for “privacy” jobs by keyword she may find opportunities to be a desk clerk at a Navy-owned lodge, or to serve as a nurse with the Veterans Administration; both descriptions happen to contain the word “privacy.”
And while re-tooling job descriptions with new serial numbers, educational requirements, and experience levels is surely a time-consuming task that requires cross-agency communication, the time has come for the government to forthrightly embrace the privacy profession, catching up with what has become standard market practice in the private sector.
The 2015 IAPP/EY Privacy Governance Report demonstrated that on nearly every measure, government privacy programs trail those of private sector organizations in staffing, budget, strategic focus and opportunities for career development. Compared to their private sector peers, government privacy employees who responded to the IAPP survey desired greater influence over compliance and security departments, were more likely to have insufficient budget and privacy training support, and were much more likely to complain of little or no career growth opportunities within their organization. Upon this foundation, it’s clear why the U.S. government is struggling to fill the many privacy positions it plans to generate.
Anatomy of a privacy professional
Unfortunately, the government is not immune to massive data breaches, and the consequences can be profound. The federal government collects, uses and stores some of the most comprehensive and sensitive personal data and manages the most complex tech policy issues imaginable. From data analytics by government-managed entitlement programs to cybersecurity data sharing, personal and business tax reports, rapid rollout of drone surveillance and beyond, the federal government’s data portfolio requires state of the art privacy and security programs.
These programs require staffing by privacy professionals trained in privacy laws, new technologies and ethical norms; connected to other privacy professionals developing new methods of privacy program management and compliance; familiar with privacy impact assessments and technologies to facilitate privacy practices; and competent in data minimization, de-identification and data classification techniques. Professionals capable of filling these positions must have appropriate college or graduate education as well as professional training and understanding of privacy concepts.
The Federal Privacy Council and OPM are on a mission to define and promote privacy roles within federal agencies. Their task would be easier if they better addressed the gap between the current framework for privacy jobs in the federal government and the realities of today’s privacy professional workforce.