What makes a good privacy professional?

Emma Butler, , published an entry in the blog of the International Association of Privacy Professionals discussing the characteristics that are to be sought in a privacy professional. The key questions she poses to select the right person for such a role are:

“…do you want a lawyer who just advises on the interpretation on the law and leaves decision making on privacy and subsequent implementation to the business? Or do you want a practitioner who can drive the privacy programme from the ground up, making key decisions and delivering privacy effectively across the business?”

Following she outlines the :

  • Someone who can make decisions.
  • Understand business priorities and limitations.
  • Deliver training.
  • Assist with risk assessment and project manage.
  • Develop and run the privacy programme.
  • Take a strategic view as well as firefight daily.
  • Plan for the medium and long-term but also react quickly to changing demands and deadlines.
  • Unlikely to also be experts in employment law, coding, firewalls or liability caps so they need to be able to successfully co-operate with, and use the expertise of, all facets of the business. And speak their language—whether marketing, IT, legal, audit, risk management or business development.
  • Be leaders.
  • Be able to explain to and influence the senior management to get buy-in for projects, resources and changes to process, policy or even culture.
  • Champion privacy and compliance among the business, often globally, and both lead and support other compliance staff or business champions.
  • Be visible, personable and available to all staff: a source of advice and expertise, and a business enabler.
  • Public speaking skills, presentation skills, diplomacy and the ability to think on your feet.

The mention of the privacy professional as a “business enabler” is key in my line of thinking and practice. I believe it doesn’t take a “highly-pedigreed” lawyer with lots of credentials to say something cannot be done; anyone, whether ignorant or not, can simply say no to something and kill an entire project.

However one such professional should at least be willing to sit and take a long hard look at things in an attempt to find a way for his clients’ projects to work and suggest how to go about it, unless they were definetly contrary to the law.

So when choosing a privacy professional for your organization and/or projects, you may care to consider whether or not that person meets with these characteristics outlined by Ms. Butler, and whether that professional’s attitude is of qualified enablement or incompetent obstruction.



Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión /  Cambiar )

Google photo

Estás comentando usando tu cuenta de Google. Cerrar sesión /  Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión /  Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión /  Cambiar )

Conectando a %s

Compliance Report

Compliance and Ethics Powered by Advanced Compliance Solutions


Startup and Technology News

Xavier Ribas

Derecho de las TIC y Compliance


Marcus Kazmierczak

Take To Task

Analyzing the Nonsense

Business & Money

The latest news and commentary on the economy, the markets, and business


Canal de difusión con los medios.

Martha Salamanca Docente

Blog de TICs, Redes Sociales y Multimedia Educativo

Devil's Advocate Crib

Just another WordPress.com site

Investigating Internet Crimes

An Introduction to Solving Crimes in Cyberspace