Stories

The global shortage of privacy experts

Illustration of a padlock with only zeros on it
Illustration: Sarah Grillo/Axios

It's more important than ever for companies to have privacy experts, to help them obey proliferating laws on how consumers' data can be used — but it's hard to find people with the expertise to do it.

Why it matters: Privacy is a once-and-future battleground. Without more qualified professionals, everyone’s sensitive information could fall vulnerable to corporate ignorance, mismanagement and whim.

While companies like IBM, AT&T, Microsoft and Pfizer have had chief privacy officers for years, others — like Facebook and Uber — have hired them more recently after learning the pitfalls of data problems the hard way. There's a lot of demand.

  • "Companies around the globe are having trouble finding people," Dominique Shelton Leipzig, a privacy specialist at the law firm Perkins Coie, tells Axios. "I just got a note from somebody in Saudi Arabia who was looking for people in this area."
  • What's important, she added, "is to realize that every company is a data company — it’s not just big tech.”

The big picture: The tests that are considered the global gold standard to be certified for privacy jobs are written by the International Association of Privacy Professionals (IAPP), based in Portsmouth, N.H.

  • The tests vary by geography. Some cover the requirements of Europe’s General Data Protection Regulation (GDPR), which took effect last year, or the California Consumer Privacy Act, which kicks in Jan. 1.

Interest in taking the tests has risen “supersonically,” Douglas Forman, who oversees the IAPP’s certification exams, tells Axios, and 2018 was “our biggest year for certification ever.”

Even so, a lot of Fortune 500 companies “don’t have strong teams around data privacy,” Anneka Gupta, president and head of products and platforms at LiveRamp, a data management company, tells Axios.

  • On LinkedIn, hiring for jobs with the titles “chief privacy officer,” “privacy officer” or “data protection officer” increased 77% from 2016-2019, according to an analysis that LinkedIn conducted for Axios.
  • More than 20,000 people globally have passed the IAPP's certification exams — but that’s not enough to meet the demand.
  • One in three Americans has been exposed to a data compromise, and 47% feel they have "little to no control of their personal data," according to a Deloitte survey.

“You can’t just throw 500 bodies at the problem,” Kabir Barday, CEO of OneTrust, which helps companies comply with privacy laws, tells Axios.

The privacy movement is galvanizing: Alastair Mactaggart — the California businessman who was the driving force behind the state's new privacy law — is redoubling his efforts, aiming to strengthen the law through a 2020 ballot initiative.

In enforcement actions, the Federal Trade Commission has been instructing companies to hire chief privacy officers. Examples include Facebook, which named a CPO in July after its $5 billion settlement, and Uber.

Between the lines: More law schools are introducing privacy as a course of study — and the American Bar Association recently recognized it as a dedicated specialty — but the privacy profession is very much an evolving discipline.

  • It’s helpful to have a legal background, an understanding of computer architecture (to know where myriad consumer databases could be housed), and a liberal arts sensibility — to "get" why privacy matters so much to consumers.
  • About 50% of data privacy professionals are women, in contrast to the male-dominated tech world.

Then and now: Kalinda Raina, head of global privacy at LinkedIn, said that when she began her career in privacy law two decades ago, a senior lawyer "told me I was wasting my time."

  • "When I would first go to IAPP events, there were maybe 200 people, and the excitement was that there were other people thinking about the issue" of consumer privacy.

Today she has a staff of 11 people, who regularly train colleagues across LinkedIn and help them prepare for IAPP certification exams. "One of the things you need is an ethical compass," Raina told Axios.

The bottom line: The privacy field is still in its early days, and laws and best practices are changing at warp speed. “Every day is different,” says Forman of the IAPP.

  • On the plus side: “You feel like you’re doing something good by helping companies protect something that’s actually important.”

Go deeper: The future of privacy starts in California