Emma Butler, , published an entry in the blog of the International Association of Privacy Professionals discussing the characteristics that are to be sought in a privacy professional. The key questions she poses to select the right person for such a role are:
“…do you want a lawyer who just advises on the interpretation on the law and leaves decision making on privacy and subsequent implementation to the business? Or do you want a practitioner who can drive the privacy programme from the ground up, making key decisions and delivering privacy effectively across the business?”
Following she outlines the :
- Someone who can make decisions.
- Understand business priorities and limitations.
- Deliver training.
- Assist with risk assessment and project manage.
- Develop and run the privacy programme.
- Take a strategic view as well as firefight daily.
- Plan for the medium and long-term but also react quickly to changing demands and deadlines.
- Unlikely to also be experts in employment law, coding, firewalls or liability caps so they need to be able to successfully co-operate with, and use the expertise of, all facets of the business. And speak their language—whether marketing, IT, legal, audit, risk management or business development.
- Be leaders.
- Be able to explain to and influence the senior management to get buy-in for projects, resources and changes to process, policy or even culture.
- Champion privacy and compliance among the business, often globally, and both lead and support other compliance staff or business champions.
- Be visible, personable and available to all staff: a source of advice and expertise, and a business enabler.
- Public speaking skills, presentation skills, diplomacy and the ability to think on your feet.
The mention of the privacy professional as a “business enabler” is key in my line of thinking and practice. I believe it doesn’t take a “highly-pedigreed” lawyer with lots of credentials to say something cannot be done; anyone, whether ignorant or not, can simply say no to something and kill an entire project.
However one such professional should at least be willing to sit and take a long hard look at things in an attempt to find a way for his clients’ projects to work and suggest how to go about it, unless they were definetly contrary to the law.
So when choosing a privacy professional for your organization and/or projects, you may care to consider whether or not that person meets with these characteristics outlined by Ms. Butler, and whether that professional’s attitude is of qualified enablement or incompetent obstruction.