TrustArc Blog

Top 5 Qualities in a Great Chief Privacy Officer (CPO)

September 29, 2014

Core qualities of a chief privacy officer (CPO).

By Alexandra Ross, The Privacy Guru (@sharemindfully)

Guest Blog

Whenever a new position emerges at the C-suite level, you can be certain substantial debate about exactly what the role encompasses and which skills are crucial for meeting an organization’s needs will follow. It’s understandable, as a new executive role is often a response to massive new complexities. Just consider how the computing revolution and the knowledge economy gave rise to CTO and CIO roles.

Today, extensions of those sea changes have placed new demands on companies – startups as well as more developed businesses. Mobile tech innovation, e-commerce, and the rapid growth of a globally networked society have elevated privacy into a priority issue. Make a list of high-profile stories over the past year, and you’ll be hard pressed to find one which doesn’t touch on data privacy: Revelations about government surveillance, app developers and social media companies experimenting with feed algorithms and location tracking, major retail security breaches… they all point towards increasing concern over privacy and the way institutions are not always fully prepared for the challenges privacy issues present.

If recruiting a Chief Privacy Officer (CPO) is not on your company’s agenda now, it probably will be in the near future. Fundamentally, a CPO is senior policy advisor on privacy issues and will counsel companies on processes and procedures including the development of privacy practices and policies, customer confidentiality, data security requirements, as well as training employees on privacy issues. A CPO typically has a law degree and interfaces regularly with the company’s CEO, CTO/CIO, legal and compliance departments.

But how do you identify the underlying skills and qualities which make for an exceptional CPO? Let’s take a look at five core qualities in a great CPO:

1. Privacy specialization. A legal mind with a background in intellectual property, litigation or technology is a solid foundation, and CIPP Certification from the International Association of Privacy Professionals (IAPP) will also ensure your CPO is capable of establishing a privacy framework and compliance structure. Experience as an advisor to companies likely to experience leading-edge privacy issues, such as cloud computing or online retail is also a plus.

2. Future focused. Great CPOs stay on top of the latest developments in tech innovation, pending legislation, lobbying efforts, and other early indicators of what the privacy landscape may look like in the near and long-term future. Hands-on experience with technology and the ability to see a company’s products and services through the lens of a privacy-aware customer is essential.

3. Risk aware. CPOs not only need to take point on advising and coordinating with PR departments in the event of a data breach, but they also need to provide counsel on proactive privacy marketing which can help give a company competitive advantages and address consumer concerns up front. Risk assessment also extends to collaborating with the security team on internal processes to ensure appropriate security standards are in place.

4. Transparent communicator. Many privacy policies are poorly written and often ignored by consumers because they obscure an organization’s privacy practices in legalese. A CPO knows that privacy-aware companies strive for transparency, including communication among the company’s stakeholders about their strategic objectives and how those objectives relate to privacy issues and risks the company faces.

5. Empathetic. While privacy is a major public concern for companies, it is also an intensely personal issue for individuals. People value privacy differently, and a talented CPO will be capable of understanding differing values across a wide range of perspectives. The ability to balance business objectives while interpreting the privacy practices of customers is fundamental. Many mistakes are made when organizations assume their employees, managers, and customers share a common understanding of what privacy means. The great CPO ultimately integrates a wider organizational mindfulness regarding privacy.

Hiring a CPO demonstrates an organization is aware of the deepest complexities we face in the modern technology age. It signals a willingness to embrace those complexities and prepare for the future, and it reinforces a message of respect for its customers. When you hire a CPO, you build trust with your customers and send a message that your company invests in privacy.

Alexandra Ross is the founder of The Privacy Guru and Senior Counsel at Paragon Legal. She is a certified information privacy professional and practices privacy and technology law in San Francisco, California.