Privacy Officers: What do they do?
Google Trends tells us there has been a slow and steady increase in interest in privacy officers over the past five years. It also tells us that Australia is amongst the ten countries most interested in finding out more about privacy officers. In this blog post, we’re going to shed light on privacy officers by outlining what they do and what you need to do to become one.
What is a privacy officer?
Broadly speaking, a privacy officer is a person within an organisation who is responsible for privacy. In some organisations, there is a dedicated team of privacy officers who are responsible for overseeing privacy, sometimes reporting to a Chief Privacy Officer or other senior leader. In others, certain team members are tasked with managing privacy as part of their broader role of overseeing compliance and risk.
From our research, we know that ‘privacy officer’ positions are the most commonly advertised privacy role in Australia. Of the 34 privacy roles we looked at as part of our privacy job analysis in March 2021, 11 were for a ‘privacy officer’ role. This is consistent with analysis from previous periods. Other than in December 2020, when there were more positions for consultants, the privacy officer position has always been the most advertised.
What do privacy officers do?
Typically, privacy officers play an important role in organisational privacy programs. They manage and respond to privacy complaints or concerns, identify shortcomings and potential areas of non-compliance, undertake (or outsource) privacy impact assessments, and advise and guide on all privacy-related matters. They are also responsible for developing and overseeing privacy management planning.
Privacy officers are not necessarily legal experts. Those who are not often work closely with the legal department to interpret privacy laws and compliance obligations as part of managing privacy issues in the organisation.
Privacy officers and cybersecurity
One aspect of privacy management is cybersecurity. However, privacy officers should not be confused with IT security managers. Both roles involve privacy considerations, but privacy officers are more focused on compliance with privacy laws as well as organisational privacy priorities. IT security managers, on the other hand, are more involved in the technological infrastructure and processes that protect private information. They also support compliance (for example, by implementing and managing access controls and ensuring the organisation has a robust information security incident response capability). Although their roles are different, privacy officers and IT security managers support each other and need to work collaboratively. A strong privacy officer and IT security manager alliance is crucial for effective privacy management.
You can read more about the difference between privacy and security here: https://privacy108.com.au/insights/difference-between-security-privacy-job/
Education and training to become a privacy officer.
Privacy is a multidisciplinary field that attracts candidates from a wide variety of backgrounds. Often, job advertisements will call for a tertiary qualification in law. However, it’s just as common to see job advertisements seeking candidates with experience in compliance and risk – which opens the doors for candidates who haven’t studied law.
While we are seeing less of an emphasis on the need for candidates to hold a law degree, privacy officers are increasingly being asked to hold relevant privacy qualifications. Aruma, for instance, is currently advertising for privacy officers in Sydney, the ACT, and Melbourne and asks that candidates hold one or more of the following privacy certifications:
- Certified Information Privacy Professional (CIPP),
- Certified General Data Protection Regulation Practitioner (GDPR-P),
- Certified Information Privacy Management (CIPM),
- Certified Information Privacy Technologist (CIPT),
- Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM), or
- Certified Information Systems Auditor (CISA).
Career progression for privacy officers.
There’s little doubt that privacy is a growing field. Recent papers produced by the Australian Human Rights Commission and Australian Competition and Consumer Commission, alongside a modest increase in funding for the Office of the Australian Information Commissioner, all point to growing consumer and regulator concerns about privacy.
Moreover, businesses are increasingly being called upon to do more than simply comply with legal obligations. Consumers expect transparency and openness about privacy practices and privacy breaches. As consumer concern grows, we would expect to see increases in the number of privacy officers employed and privacy consultants engaged by Australian organisations.
In terms of salary, Salary Expert estimates that Australian privacy officers will enjoy an 11% increase in average salary by 2026: https://www.salaryexpert.com/salary/job/privacy-officer/australia
For those looking at entering the field or transitioning from a complementary area, we have provided some guidance on a career roadmap for privacy professionals: Career Roadmap for Privacy Professionals – Privacy108
Privacy Officer Training by one of Australia’s Leading Privacy Experts
Privacy 108 offer a comprehensive program of data privacy and security training, aimed at helping individuals develop their skills. We have training options for security people looking at specialising in privacy, for privacy practitioners interested in developing their security skills, and for anyone looking at joining either the privacy or security workforce. We provide training to help you attain some of the most valuable privacy and security certifications including:
- Certified Information Privacy Manager (CIPM – iapp)
- Certified Information Privacy Professional / Europe (CIPP/E – iapp)
- Certified Information Privacy Technologist (CIPT – iapp)
- Certified Information Security Manager (CISM – ISACA)
We can also design special training courses to meet individual organisational needs.