As a relatively new position in the workforce, chief privacy officer (CPO) is set to become increasingly popular in light of continuing concerns over the collection, storage and use of medical records, financial transactions and other confidential information.
With mobile technology, big data and other Internet-related use growing, the role of the CPO is becoming more established in companies, both in the private and public sectors.
“Data powers the information economy,” according to the International Association of Privacy Professionals (IAPP). “And the risks associated with it continue to skyrocket.”
The not-for-profit industry group, which was established in 2000, has projected that Fortune 1000 companies will spend nearly $3 billion on privacy-related costs in 2015.
Typically, a chief privacy officer manages risks, data protection and privacy concerns. These executives oversee issues relating to an organization’s privacy policies and procedures. This can include ensuring compliance with confidentiality safeguards related to healthcare information regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), and to financial rules, including the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act.
Specifically, a chief privacy officer may:
- Assist in the maintenance, implementation and identification of privacy policies and procedures in coordination with management, legal and administrative entities
- Communicate with staff and customers about the details of privacy policies
- Work with the legal department to ensure an organization maintains privacy and confidentiality consent, information notices and authorization materials in accordance with approved practices
- Perform privacy risk assessments and monitor activities to ensure all entities are complying with privacy procedures
- Oversee privacy training and orientation for all employees
- Create and monitor all privacy agreements with external parties, such as trading partners and business associates
- Establish processes for responding to complaints concerning privacy policies
- Foster awareness about the importance of privacy
- Ensure alignment of information security policies and privacy practices
- Keep updated on federal, state and local privacy laws and standards, and information privacy technology
Experience in the technology, legal and/or management fields can be a tremendous asset to individuals pursuing a career as a CPO. Employers may also prefer candidates with an advanced degree, such as a Master of Science in Information Technology or an MBA with a specialization in Information Technology Management.
Job Growth and Salary Potential
According to the U.S. Bureau of Labor Statistics (BLS), the median annual salary for top executives nationwide was almost $102,000 as of May 2012, with the top 10% earning more than $187,000. Employment of these C-suite professionals is projected to grow by 11% between 2012 and 2022, keeping pace with the average growth rate for all occupations during the same decade.
Salary potential and job opportunities vary based on a number of factors, including local market conditions, industry type, and a candidate’s work experience and educational qualifications.
The BLS does not list specific job growth or salary data for the position of chief privacy officer. However, marketplace trends and industry developments seem to indicate that these professionals will be in demand in the coming years.
A November 2014 report by the IAPP found that 33% of Fortune 1000 companies “plan to increase fully dedicated privacy headcount or create positions with privacy as part of its responsibility in the next year.”
Additionally, in January 2015, President Barack Obama announced a series of initiatives designed to bolster consumer protection in the cyber environment, including proposed rules on how companies can store and use their customers’ personal information.
As the IAPP notes on its website, “customers and clients increasingly demand that the companies they do business with demonstrate that they are committed to safeguarding data.”