By combining general executive-level business education and experience with specific knowledge of privacy laws in various contexts and across jurisdictions, you can become a chief privacy officer (CPO). A command of privacy law can be gained through specialized education, such as obtaining a law degree, or practical experience, such as working for a government agency that regulates how businesses use data. Because the CPO title is still a new one, the standard requirements are still evolving.
The rise of the Internet altered the way businesses interact with their customers. Companies can compile a vast array of personal information about the people they serve using web-based electronic data collection, but they have few controls over what they can do with it. To protect the public, jurisdictions passed laws requiring companies to provide certain disclosures before collecting any information, limiting the types of information that can be collected, and determining what they can do with it with or without permission. The CPO position was created to assist businesses in meeting their legal obligations under the new privacy laws.
A senior executive is referred to as a CPO. To become a chief privacy officer, you’d need to have executive-level credentials. The majority of senior executives have a bachelor’s degree in a business-related field, such as administration or finance. Many of them have a postgraduate degree, such as an MBA. A senior executive often needs seven to ten years of practical experience working his way up through the company hierarchy, in addition to the educational requirements.
There is no single business path that has been established as the standard for becoming a chief privacy officer. People who currently hold these positions have come to them in a variety of ways, as it is a new title that is slowly gaining popularity. The legal department is the most logical route. A law degree would demonstrate your ability to handle the legal aspects of the job. Another related path is risk management, as a company’s privacy policy is ultimately a risk management tool.
Experience in a related field can also assist you in becoming a chief privacy officer. Every jurisdiction has government agencies that oversee corporate compliance with privacy laws. In this area, certain nonprofit organizations work on policy. Many businesses, particularly those in the medical and technology industries, are involved in ongoing and cutting-edge privacy law suits in multiple jurisdictions. Any time spent in one of these situations could be applied to a position as a CPO.
If you want to become a chief privacy officer, you should also keep up with developments in the privacy law industry as a whole. The International Association of Privacy Professionals (IAPP) was founded in 2000 and provides privacy professionals with certification, training, and events. Although IAPP certification is often beneficial in obtaining a CPO position, it is not required.