What makes a good privacy professional?

Emma Butler, , published an entry in the blog of the International Association of Privacy Professionals discussing the characteristics that are to be sought in a privacy professional. The key questions she poses to select the right person for such a role are:

«…do you want a lawyer who just advises on the interpretation on the law and leaves decision making on privacy and subsequent implementation to the business? Or do you want a practitioner who can drive the privacy programme from the ground up, making key decisions and delivering privacy effectively across the business?»

Following she outlines the :

• Someone who can make decisions.
• Understand business priorities and limitations.
• Deliver training.
• Assist with risk assessment and project manage.
• Develop and run the privacy programme.
• Take a strategic view as well as firefight daily.
• Plan for the medium and long-term but also react quickly to changing demands and deadlines.
• Unlikely to also be experts in employment law, coding, firewalls or liability caps so they need to be able to successfully co-operate with, and use the expertise of, all facets of the business. And speak their language—whether marketing, IT, legal, audit, risk management or business development.
• Be leaders.
• Be able to explain to and influence the senior management to get buy-in for projects, resources and changes to process, policy or even culture.
• Champion privacy and compliance among the business, often globally, and both lead and support other compliance staff or business champions.
• Be visible, personable and available to all staff: a source of advice and expertise, and a business enabler.
• Public speaking skills, presentation skills, diplomacy and the ability to think on your feet.

The mention of the privacy professional as a «business enabler» is key in my line of thinking and practice. I believe it doesn’t take a «highly-pedigreed» lawyer with lots of credentials to say something cannot be done; anyone, whether ignorant or not, can simply say no to something and kill an entire project.

However one such professional should at least be willing to sit and take a long hard look at things in an attempt to find a way for his clients’ projects to work and suggest how to go about it, unless they were definetly contrary to the law.

So when choosing a privacy professional for your organization and/or projects, you may care to consider whether or not that person meets with these characteristics outlined by Ms. Butler, and whether that professional’s attitude is of qualified enablement or incompetent obstruction.