Getting a privacy gig in Australia

There’s a buzz around privacy and privacy jobs.  As privacy trainers and consultants, we are often asked about privacy careers and how to get into privacy.  We’ve pulled together some information for those considering a leap into the privacy world. Hopefully this provides a little more background plus some tips for people interested in pursuing a career in privacy.

It’s just the beginning …

Although privacy has been around for a long time, the privacy profession is relatively immature  For many organisations, privacy has until now involved having a website privacy policy …. and that’s about it.  In many cases, even that privacy policy was ‘borrowed’ from another company without much thought about its application or suitability to the ‘borrowing’ organisation.

The growth of the digital economy and increased legislation and regulation around data protection (particularly from the EU) has increased organisational awareness of privacy, and the potential downside of non-compliance. But for most organisations, there’s a steep learning curve in going from having a privacy policy to designing and implementing an organisation wide privacy management and compliance program covering all the personal data processed worldwide.

One privacy professional recently commented that many of the job postings she looked at were created by organizations that needed privacy professionals but were written either by people who either didn’t know anything about privacy or had done very little research about what they realistically would need in a hire.

The reality is that most often organisations don’t know what they want or what help they need to get there.  This is reflected in the diversity of job titles and role descriptions in advertised positions that Privacy 108 identifies in our regular analysis of job ads in Australia.

Download Privacy 108 – Privacy Job Report

Bear this in mind when you are looking at advertised roles.   What they are asking for may not in fact be what the organisation wants (or needs).   Be prepared to be flexible and pro-active in your interview. Try and find out what problem the organisation is trying to solve and be prepared to pitch how you can help do that.

We want experience

Unlike other professions or careers, there’s no clear entry path (whether via study, apprenticeship or more junior roles) into the privacy field as it is still relatively new.

Our on-going  analysis of job ads shows that all require some sort of experience depending on the actual role.  The most common requirement is at least 3 – 5 years prior experience in a similar role.   This makes it difficult for newcomers to the profession.

If you don’t have any experience, make the most your soft-skills.  Designing and implementing a privacy program is often more about change management than privacy regulation.  Any experience leading a team, managing cross organisational projects, identifying and defining business requirements, writing and implementing policies, developing and delivering training or engaging with different parts of the business is relevant and should be highlighted.

Making contacts

Our analysis indicates that Federal and State governments are the biggest advertisers for privacy positions, followed by financial services organisations and technology companies.  If you currently work in those sectors, it may be possible to transition from where you are into the privacy team.

Like all professions, it is important to build your network of contacts.   Our survey of privacy professionals suggests that most are likely to look at their existing network to identify potential candidates for new positions.

Download  Privacy 108 Australian Privacy Professionals Survey 2019

Talk to anyone you know who is already in the privacy profession.  Joining a special interest group or attending industry events can also be helpful.  Regulators, law firms, consulting organisations and technology providers who are active in the area also often run events that can provide excellent networking opportunities. Networking helps provide a better idea of the profession, increases your knowledge and skills and, at worst, is likely to result in you making some new friends.

Conclusion

So, it’s clear that it can be difficult to get a foothold in this exciting and challenging new area of practice: how do you get in, who do you need to talk to, what skills and experience do you need? None of this is clear and even employers may not know what they want.

Keep all this in mind when you are looking at opportunities or trying to work out what qualifications or skills will help you transition to a privacy career.  Use your network, try and get some experience and develop your soft skills.  The good news is that most organizations will work with a strong candidate.  So, don’t get put off by the lack of detail or conflicting or unachievable requirements in the job posting itself: have a go!

And remember, joining the privacy profession gives you the opportunity to help shape an exciting new sector in Australia with some really great people.

Dr Jodie Siganto CIPM CIPP/E CISSP

May 2020

Jodie is one of Australia’s leading privacy and cyber security professionals with extensive consulting and training experience. Graduating as a lawyer, she spent 10 years working as in-house counsel for computer companies in Sydney and Singapore before commencing practice as a security management and privacy expert in Brisbane in 2000. She completed a PhD at QUT in 2015, in privacy and information security law.