Nov 1, 2019

The global shortage of privacy experts

Illustration: Sarah Grillo/Axios

It's more important than ever for companies to have privacy experts, to help them obey proliferating laws on how consumers' data can be used — but it's hard to find people with the expertise to do it.

Why it matters: Privacy is a once-and-future battleground. Without more qualified professionals, everyone’s sensitive information could fall vulnerable to corporate ignorance, mismanagement and whim.

While companies like IBM, AT&T, Microsoft and Pfizer have had chief privacy officers for years, others — like Facebook and Uber — have hired them more recently after learning the pitfalls of data problems the hard way. There's a lot of demand.

  • "Companies around the globe are having trouble finding people," Dominique Shelton Leipzig, a privacy specialist at the law firm Perkins Coie, tells Axios. "I just got a note from somebody in Saudi Arabia who was looking for people in this area."
  • What's important, she added, "is to realize that every company is a data company — it’s not just big tech.”

The big picture: The tests that are considered the global gold standard to be certified for privacy jobs are written by the International Association of Privacy Professionals (IAPP), based in Portsmouth, N.H.

  • The tests vary by geography. Some cover the requirements of Europe’s General Data Protection Regulation (GDPR), which took effect last year, or the California Consumer Privacy Act, which kicks in Jan. 1.

Interest in taking the tests has risen “supersonically,” Douglas Forman, who oversees the IAPP’s certification exams, tells Axios, and 2018 was “our biggest year for certification ever.”

Even so, a lot of Fortune 500 companies “don’t have strong teams around data privacy,” Anneka Gupta, president and head of products and platforms at LiveRamp, a data management company, tells Axios.

  • On LinkedIn, hiring for jobs with the titles “chief privacy officer,” “privacy officer” or “data protection officer” increased 77% from 2016-2019, according to an analysis that LinkedIn conducted for Axios.
  • More than 20,000 people globally have passed the IAPP's certification exams — but that’s not enough to meet the demand.
  • One in three Americans has been exposed to a data compromise, and 47% feel they have "little to no control of their personal data," according to a Deloitte survey.

“You can’t just throw 500 bodies at the problem,” Kabir Barday, CEO of OneTrust, which helps companies comply with privacy laws, tells Axios.

The privacy movement is galvanizing: Alastair Mactaggart — the California businessman who was the driving force behind the state's new privacy law — is redoubling his efforts, aiming to strengthen the law through a 2020 ballot initiative.

In enforcement actions, the Federal Trade Commission has been instructing companies to hire chief privacy officers. Examples include Facebook, which named a CPO in July after its $5 billion settlement, and Uber.

Between the lines: More law schools are introducing privacy as a course of study — and the American Bar Association recently recognized it as a dedicated specialty — but the privacy profession is very much an evolving discipline.

  • It’s helpful to have a legal background, an understanding of computer architecture (to know where myriad consumer databases could be housed), and a liberal arts sensibility — to "get" why privacy matters so much to consumers.
  • About 50% of data privacy professionals are women, in contrast to the male-dominated tech world.

Then and now: Kalinda Raina, head of global privacy at LinkedIn, said that when she began her career in privacy law two decades ago, a senior lawyer "told me I was wasting my time."

  • "When I would first go to IAPP events, there were maybe 200 people, and the excitement was that there were other people thinking about the issue" of consumer privacy.

Today she has a staff of 11 people, who regularly train colleagues across LinkedIn and help them prepare for IAPP certification exams. "One of the things you need is an ethical compass," Raina told Axios.

The bottom line: The privacy field is still in its early days, and laws and best practices are changing at warp speed. “Every day is different,” says Forman of the IAPP.

  • On the plus side: “You feel like you’re doing something good by helping companies protect something that’s actually important.”

Go deeper: The future of privacy starts in California

Go deeper

Microsoft to apply California privacy rules to all users nationwide

Photo: Alex Tai/SOPA Images/LightRocket/Getty Images

Microsoft said in a blog post Monday that it will apply the protections of a new California privacy law for all users in the U.S. The California Consumer Privacy Act was passed last year, but goes into effect Jan. 1.

Why it matters: The law allows consumers to require companies to disclose what data they are keeping on a consumer, and gives consumers the right to have such data be deleted. Also, starting next July, Californians will be allowed to sue businesses for certain data breaches.

Go deeperArrowNov 12, 2019

California lawmakers call for new privacy cop

Reps. Anna Eshoo and Zoe Lofgren. Photos: Tom Williams/Getty Contributor; Chip Somodevilla/Getty Staff.

A pair of California Democrats want to create a new federal agency to protect U.S. consumers' privacy as part of an online privacy bill unveiled Tuesday.

The big picture: Reps. Anna Eshoo and Zoe Lofgren said their Online Privacy Act would create a "Digital Privacy Agency," give users the right to correct and delete information, and impose new restrictions on companies' use of data. The Silicon Valley representatives are setting a high bar for federal privacy legislation amid bipartisan legislation efforts.

Go deeperArrowNov 5, 2019

Data is the new antitrust battleground

Illustration: Aïda Amer/Axios

Regulators on both sides of the Atlantic are beginning to probe whether the biggest tech companies' handling of consumer data represents an unfair form of competition.

Why it matters: Consumer data is the fuel of the digital economy and the key to tech giants' market leverage. It is also challenging antitrust regulators’ ability to investigate competition issues, because today’s antitrust laws don’t specifically address data dynamics.

Go deeperArrowNov 13, 2019