What’s in a name? Developing a privacy workforce taxonomy

Our research shows little consistency in titles  for advertised privacy jobs in Australia.  You can support an initiative to develop a privacy workforce taxonomy.  Read more to see how.

Australian privacy workforce analysis

As part of our on-going review of the privacy profession in Australia, we review the extent to which recognised positions, with attached skills, capability and experience requirements, are developing via an analysis of on-line advertised privacy positions.  The identification of recognised roles supports the development of a skilled and knowledgeable workforce, which in turn is a key pillar of an effective privacy program.

To date, our analysis of privacy positions advertised in Australia shows little consistency in job titles (or role descriptions).

For example, in March 2020 the only job title used more than once in privacy positions advertised on Seek.com.au and Indeed was ‘Privacy Officer.’ Out of the 31 advertised positions, there were six (6) roles for Privacy Officers, with variations including ‘Data Privacy Officer’ and ‘Information and Privacy Officer.’  The title for similar advertised roles included ‘Privacy Manager’ and ‘Privacy Specialist.’   There were 8 positions that included lawyer in the title although again all the job titles were different.  The titles included Cyber Data Protection Lawyer, Lawyer (Freedom of Information and Privacy) and Senior Information & Privacy Lawyer.

Similarly, in our June 2020 review, of the 19 roles advertised, the only title used more than once was Privacy Officer.  The next most common role was that of the privacy lawyer, with titles including Privacy Lawyer, Senior Associate Lawyer Cyber Incidents & Data Protection and Senior Information & Privacy Lawyer. For the first time there was a position advertised specifically for a sales role: Data Protection Sales Agent.

Other than legal positions, privacy or data protection ‘officers’, ‘managers’ and ‘specialists’ are the most commonly privacy positions advertised online in Australia. But what does this lack of consistency of job titles mean?

Benefits of a privacy workforce taxonomy

The development of a commonly understood job titles and skills (or a workforce taxonomy) is evidence of a maturing workforce.

A taxonomy informs the development of a workforce that better manages privacy risk, recognising the different roles that people in organisations play in managing privacy risk.

A privacy workforce taxonomy can also help shape consistent position descriptions that could inform education and training, and help employers identify the positions required.   With a taxonomy. organisations understand who to hire, what those new hires should focus on, and how to train them effectively to mitigate privacy risk across the organization.

Defined job roles provide clearer career paths for people looking at entering the privacy profession.  They provide clarity around the skills, experience and capabilities required and give job applicants an opportunity to develop those skills and capabilities to meet the requirements.

NIST privacy workforce taxonomy

Recognising the importance of the development of a privacy workforce taxonomy as part of the maturing of the privacy profession, the iapp and the NIST Privacy Engineering Program have kicked off a privacy workforce taxonomy initiative.

In January 2020, the NIST Privacy Engineering Program published the NIST Privacy Framework. As the framework roadmap stated, “Further development of a knowledgeable and skilled privacy workforce (to include privacy practitioners and other personnel whose duties require an understanding of privacy risks) is necessary to support organizations in better protecting individuals’ privacy while optimizing beneficial uses of data.”

The proposed privacy workforce taxonomy will be aligned with the NIST Privacy Framework and the Workforce Framework for Cybersecurity (NICE Framework), to provide a common language around roles, tasks, knowledge, and skills. Since NIST’s approach to privacy and cybersecurity is to recognize their independence as disciplines as well as their overlap, the goal is to create resources that organizations can use in a modular fashion to address their workforce needs for privacy and cybersecurity.

What can you do?

The Privacy Workforce Taxonomy Program need your help! This is an opportunity for privacy professionals and those in legal, tech, security, data science, engineering, product development, human resources, design, and marketing disciplines to collaborate with the IAPP and NIST.

How can you engage?

September 2020