What is a Chief Privacy Officer? This executive position is one of the most important in information security. A relatively new role, the Chief Privacy Officer (or CPO) is responsible for, among other things, managing the privacy of data within an organization. The CPO constructs a company’s policies, procedures and strategies relating to the privacy of data – customer data as well as organizational data.
CPOs work in all sorts of companies, from health-related to software to business. Privacy is a complex, ever-evolving issue that keeps changing as new and emerging technologies (such as facial recognition) come into widespread use. As of 2020, each state has its own privacy laws and policies, with no central, comprehensive federal law governing privacy. This makes it even more difficult for companies to know what privacy regulations they must comply with. The CPO is responsible for knowing these regulations and making sure that the company adheres to them.
CPO is an ambitious position to which one can aspire. It is not an entry-level position, by any means, but rather one that takes years of education and experience to attain. If you would like to learn more about becoming a Chief Privacy Officer, keep reading.
Education and Experience Required to Become a Chief Privacy Officer
A minimum of a bachelor’s degree is usually necessary in order to become a Chief Privacy Officer, but some companies require CPOs to hold a graduate degree, while other companies want CPOs to have a law degree. Make sure that you have the proper educational background requested when you are applying for a CPO position. Check out our Cybersecurity Bachelor’s Degree guide to find programs in your state.
Some bachelor’s degrees that lend themselves well to becoming a CPO include:
- Bachelor of Science in Computer Information Systems-Cybersecurity – Louisiana Tech University, Ruston
- Bachelor of Science in Information Technology-Cybersecurity Specialization – Colorado State University Global, online
- Bachelor of Science in Strategic and Security Studies, Concentration in Cybersecurity – University of North Georgia, Blue Ridge
- Bachelor of Applied Science in Cyber Security/Information Assurance – Indiana University Southeast, New Albany
Experience is a must for those applying to become a CPO. To start gaining experience in the field, check out our Guide to Cybersecurity Internships to find applicable opportunities.
Additionally, you will need experience with and knowledge of the federal and state privacy laws that apply to the business for which you want to work as a CPO. Examples of such privacy laws include:
- Health Insurance Portability and Accountability Act (HIPAA)
- European Union’s General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Massachusetts Data Privacy Law
- New York Privacy Act
Industry certifications that are desired for Chief Privacy Officers include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Technologist (CIPT)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Professional (CIPP)
- Certified in Healthcare Privacy Compliance (CHPC)
- Certified in Privacy and Security (CHPS)
Job Description & Skills Required for a Chief Privacy Officer
Depending upon the setting in which a Chief Privacy Officer works, their duties and responsibilities will vary. Generally, however, the job description of a CPO will entail the following:
- Create a privacy program for the company: define, develop, maintain and implement procedures that enable consistent, effective privacy practices, minimize risk and ensure confidentiality of protected information
- Work with senior management, security and corporate compliance officers to govern the privacy program
- Collaborate with the information security officer to ensure that security and privacy concerns are aligned
- Establish an ongoing program to track, investigate and report inappropriate access and disclosure of protected data
- Perform initial and periodic information privacy risk assessment, analysis, mitigation and remediation
- Create and maintain appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organizational and legal requirements and practices
- Oversee, develop and deliver initial and ongoing privacy training to employees
- Work with other organizational units to oversee rights of customers/patients to inspect, amend and restrict their personal data
- Manage all breach determination and notification processes under applicable federal and state laws
- Maintain current knowledge of all applicable federal and state privacy laws
- Work with the organization’s administration, legal counsel and others to represent the organization’s information privacy interests with external parties
- Cooperate with federal and state regulators in compliance reviews or investigations
- Serve as an information privacy resource to the organization regarding release of information and to all departments when privacy issues arise
Skills and traits that are essential for CPOs include:
- Organizational, facilitation, written and oral communication skills
- Knowledge and experience in federal and state information privacy laws
- Work well as part of a team
- Excellent customer service skills
- Excellent writing skills
- Excellent presentation skills
- Integrity, honesty and trust
- Familiarity with relevant privacy legislation and standards for protection of information privacy data
- Legal, operational and/or financial skills
Chief Privacy Officer Salary & Job Outlook
The International Association of Privacy Professionals (IAPP) conducted a Salary Survey in 2019. It found that the median annual salary for Chief Privacy Officers in the U.S. and the European Union in 2019 was $200,000 to $212,000. As privacy remains a primary concern in information security, it is expected that job opportunities for Chief Privacy Officers will continue to proliferate, matching or exceeding the expected 31 percent increase in jobs for all information security professionals that is projected by the U.S. Bureau of Labor Statistics (BLS) from 2019 to 2029. As Richard Purcell of Microsoft, one of the leading CPOs in the nation, noted, “There’s never been total privacy in commerce. Companies and consumers have always exchanged information. But as the Internet amplifies the flow of information, the need for trust has grown dramatically.” It is expected that this need will continue to grow as technology advances even further.