All posts in Chief Privacy Officers

Prime Time for Privacy

Daniel Solove
Founder of TeachPrivacy

Prime Time for Privacy 01

Over at Bloomberg Law, I have a short essay entitled Prime Time for Privacy.  From the essay:

The GDPR is a tremendous step forward for the privacy profession, but the maturity of the profession is what makes GDPR compliance possible.

The privacy profession serves a profound societal role. This is the profession that will help shape the future of privacy and guide the development of technology in ethical ways. With the rapid growth of technology, the privacy profession is more essential than ever. This is the profession that thinks about the human consequences of technology and how to bring the dizzying uses of data under control. Privacy professionals are on the front lines of shaping the data-drenched world we’re racing to construct. This profession will affect our lives and our society in profound ways in the years to come.

Read the full essay over at Bloomberg Law.

Continue Reading

Privacy Cartoon: Privacy Budget vs. Security Budget

Daniel Solove
Founder of TeachPrivacy


Cartoon Privacy vs. Security Budget

My cartoon depicts the discrepancy in the security and privacy budgets at many organizations.  Of course, the cartoon is an exaggeration.  In an IAPP survey of Chief Privacy Officers at Fortune 1000 companies in 2014, privacy budgets were nearly half of what security budgets were.  That’s actually better for privacy than many might expect. Outside the Fortune 1000, I think that privacy budgets are much smaller relative to security.

Fortunately, it does appear that privacy budgets have increased according to the 2016  IAPP-EY Annual Privacy Governance Report which surveyed 600 privacy professionals from around the world.  Though the data captured in 2016 has far more details, comparing the charts published by the IAPP in 2015 vs 2016, you can see a significant increase in total privacy spend.

Continue Reading

GDPR Cartoon: Taking Privacy Seriously

Daniel Solove
Founder of TeachPrivacy


I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy.  More work gets thrown onto the shoulders of under-resourced privacy departments.

It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization.  Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018.  It’s never too early for organizations to start preparing.  GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases.  For more information, see the FAQ page I created about the GDPR and privacy awareness training.

Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take.  Privacy office budgets and sizes should be going up by a lot these days.

Continue Reading

An Updated List of Privacy Law Fellowships

Daniel Solove
Founder of TeachPrivacy

Fellowships can be a great way to kick start a career in privacy law.  I have added new fellowships the list I published in February 2016, as well as updated deadlines and other relevant information.  Click here to see the fully updated list of privacy fellowships.  If you know of others I should add, please email me.

Continue Reading

The Need for a Privacy Profession Pathway: An Open Call for Privacy Law Fellowships

Daniel Solove
Founder of TeachPrivacy

Privacy Profession Pathway

The privacy law profession is growing tremendously, but there is a challenge that we’re facing, one that I’d like to enlist your help in addressing – the bottleneck problem.  There is a huge bottleneck at the entry point to the field.  So I am calling on organizations to address this bottleneck by offering fellowships to recent law school graduates interested in privacy law.

Each year, I teach about 60-70 privacy law students, and there are many other professors teaching similar courses with large enrollments.  Many great students want to enter the field, but they find it very hard to do so because nearly every position requires a number of years of experience.

Bottleneck Problem

Unlike other field with a more developed entry point, privacy lacks an easy way in.  People have to do all sorts of career gymnastics to lateral sideways or slip in from other areas.  A while ago, I solicited advice on entering the profession and provided advice of my own, and I posted about it in my post, How to Enter the Privacy Profession.

On the other side, many organizations are seeking to fill privacy law positions but are having a hard time finding enough people with experience.

A Call to Create Privacy Law Fellowships

The privacy profession must address the bottleneck problem and develop a reliable pathway to the profession.

I am therefore calling on companies and organizations to create privacy law fellowships that would last 1-2 years.   If you create one, I will list it in my list of privacy law fellowships. Right now, the list is short, and most of the opportunities are in NGOs and the government, with a handful from the private sector.  I’d like to triple or quadruple this list . . . and hopefully make it even longer than that.

So if you’re on the privacy team at an organization, please look into creating a fellowship position.  If you’re a privacy law professor, please join in my call.  A mature profession needs an entry point and a reliable pathway.  It’s time to make that happen for privacy law.

Continue Reading

A List of Privacy Law Fellowships

Daniel Solove
Founder of TeachPrivacy

Opportunity Business Fotolia_66071917_S 03

One way to enter the privacy profession is to do a fellowship, and fortunately, an increasing number of fellowship opportunities are emerging.

I have written about the challenges of breaking in to the privacy law profession, especially the challenges that recent law school graduates will face.  There are no established career paths in this field yet, so it takes some effort to get started.  Once you’re in the club, you’ll be in big demand, but there’s a bottleneck at the entrance.  This is why fellowships can be a great way to kick start a career in privacy law.

Here are a few fellowships related to privacy that I’m aware of.  If you know of others I should add to the list, please email me.

Continue Reading

Blogging Highlights 2015: Privacy Issues

Daniel Solove
Founder of TeachPrivacy

Privacy Training

I’ve been going through my blog posts from 2015 to find the ones I most want to highlight.  Here are some selected posts on privacy issues:


Privacy by Design:
4 Key Points

title image

What Is Privacy?

Solove Taxonomy of Privacy


Why All Law Schools Should Teach Privacy Law
— and Why Many Don’t

why law schools should teach privacy

Continue Reading

10 Implications of the New EU General Data Protection Regulation (GDPR)

Daniel Solove
Founder of TeachPrivacy

EU GDPR Training General Data Protection Regulation

EU Flag EU Privacy TrainingLast week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries.  Clocking in at more than 200 pages, this is quite a document to digest.  According to the European Commission press release: “The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.”

The GDPR has been many years in the making, and it will have an enormous impact on the transfer of data between the US and EU, especially in light of the invalidation of the Safe Harbor Arrangement earlier this year.  It will has substantial implications for any global company doing business in the EU.  The GDPR is anticipated to go into effect in 2017.

Here are some of the implications I see emerging from the GDPR as well as some questions for the future:

1. Penalties and Enforcement

Under Article 79, violations of certain provisions will carry a penalty of “up to 2% of total worldwide annual turnover of the preceding financial year.”  Violations of other provisions will carry a penalty of “up to 4% of total worldwide annual turnover of the preceding financial year.”  The 4% penalty applies to “basic principles for processing, including conditionals for consent,” as well as “data subjects’ rights” and “transfers of personal data to a recipient in a third country or an international organisation.”

These are huge penalties.  Such penalties will definitely be a wake-up call for top management at companies to pay more attention to privacy and to provide more resources to the Chief Privacy Officer (CPO).  Now we can finally imagine the CEO at a meeting, with her secretary rushing over to her and whispering in her ear that the CPO is calling.  The CEO will stand up immediately and say: “Excuse me, but I must take this call.  It’s my CPO calling!”

EU Privacy Training Money

To date, EU enforcement of its privacy laws has been spotty and anemic, so much so that many characterize it as barely existent.  Will the new GDPR change enforcement?  With such huge fines, the payoff for enforcement will be enormous.  We could see a new enforcement culture emerge, with more robust and consistent enforcement.  If privacy isn’t much of a priority of upper management at some global companies, it will be soon.

Continue Reading

Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

p+s update image

By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading