The GDPR is a tremendous step forward for the privacy profession, but the maturity of the profession is what makes GDPR compliance possible.
The privacy profession serves a profound societal role. This is the profession that will help shape the future of privacy and guide the development of technology in ethical ways. With the rapid growth of technology, the privacy profession is more essential than ever. This is the profession that thinks about the human consequences of technology and how to bring the dizzying uses of data under control. Privacy professionals are on the front lines of shaping the data-drenched world we’re racing to construct. This profession will affect our lives and our society in profound ways in the years to come.
My cartoon depicts the discrepancy in the security and privacy budgets at many organizations. Of course, the cartoon is an exaggeration. In an IAPP survey of Chief Privacy Officers at Fortune 1000 companies in 2014, privacy budgets were nearly half of what security budgets were. That’s actually better for privacy than many might expect. Outside the Fortune 1000, I think that privacy budgets are much smaller relative to security.
Fortunately, it does appear that privacy budgets have increased according to the 2016 IAPP-EY Annual Privacy Governance Report which surveyed 600 privacy professionals from around the world. Though the data captured in 2016 has far more details, comparing the charts published by the IAPP in 2015 vs 2016, you can see a significant increase in total privacy spend.
I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy. More work gets thrown onto the shoulders of under-resourced privacy departments.
It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization. Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018. It’s never too early for organizations to start preparing. GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases. For more information, see the FAQ page I created about the GDPR and privacy awareness training.
Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take. Privacy office budgets and sizes should be going up by a lot these days.
Fellowships can be a great way to kick start a career in privacy law. I have added new fellowships the list I published in February 2016, as well as updated deadlines and other relevant information. Click here to see the fully updated list of privacy fellowships. If you know of others I should add, please email me.
The privacy law profession is growing tremendously, but there is a challenge that we’re facing, one that I’d like to enlist your help in addressing – the bottleneck problem. There is a huge bottleneck at the entry point to the field. So I am calling on organizations to address this bottleneck by offering fellowships to recent law school graduates interested in privacy law.
Each year, I teach about 60-70 privacy law students, and there are many other professors teaching similar courses with large enrollments. Many great students want to enter the field, but they find it very hard to do so because nearly every position requires a number of years of experience.
Unlike other field with a more developed entry point, privacy lacks an easy way in. People have to do all sorts of career gymnastics to lateral sideways or slip in from other areas. A while ago, I solicited advice on entering the profession and provided advice of my own, and I posted about it in my post, How to Enter the Privacy Profession.
On the other side, many organizations are seeking to fill privacy law positions but are having a hard time finding enough people with experience.
A Call to Create Privacy Law Fellowships
The privacy profession must address the bottleneck problem and develop a reliable pathway to the profession.
I am therefore calling on companies and organizations to create privacy law fellowships that would last 1-2 years. If you create one, I will list it in my list of privacy law fellowships. Right now, the list is short, and most of the opportunities are in NGOs and the government, with a handful from the private sector. I’d like to triple or quadruple this list . . . and hopefully make it even longer than that.
So if you’re on the privacy team at an organization, please look into creating a fellowship position. If you’re a privacy law professor, please join in my call. A mature profession needs an entry point and a reliable pathway. It’s time to make that happen for privacy law.