The Increasing Role of a Chief Privacy Officer (CPO)

The Increasing Role of a Chief Privacy Officer (CPO)

Monica Reichert

As time goes on, there seems to be a big increase in C-level roles for organizations. Traditionally, the Chief Executive Officer (CEO), Chief Operations Officer (COO), and Chief Financial Officer (CFO) were the primary and only C-level executives and officers in an organization. As technology expands, so do executive roles. Privacy regulations are a part of this expansion and the need for an executive with a privacy background is desired and in some cases mandated by regulation. Thus, an ever-increasing need for a Chief Security and Privacy Officer.

The rise of the CIO

According to Byron Connolly and his article in CIO Magazine, the role of Chief Information Officer (CIO) became common in the late 1980s. As technology began to play a larger role in organizations, CIOs became the go-to executive for technology throughout the organization. As time went on, the role of Chief Technology Officer (CTO), Chief Information Security Officer (CISO), and CxO (x meaning insert function here…) became common. However, as information privacy grew in prominence throughout the early 21st century, the role of the Chief Privacy Officer (CPO) became a reality.  While the first CPO may have been appointed in the early 90s, it wasn’t until the early 2000s that the International Association of Privacy Professionals (IAPP) started to meet the growing demand of privacy professionals throughout the world.

What Is the Chief Privacy Officer’s Job Description?

The Chief Privacy Officer (CPO) job description is as follows: a senior-level executive responsible for managing an organization’s compliance with information privacy laws and regulations.

Chief Privacy Officer Roles and Responsibilities

The Chief Privacy Officer roles and responsibilities include a myriad of duties. First, they must have executive-level experience or strong leadership experience. Second, they must be knowledgeable in all matters related to information privacy including jurisdictional laws, regulations, enforcement models, compliance, terminology, policies, and privacy program development. Typically a CPO has a law degree, but having a law degree is not a requirement. CPOs might also have an information security and technology background. 

What is the Role of a CPO?

While the role of the CPO may be distributed throughout an organization, gaps may exist. As the head of privacy, CPO can ensure those gaps are filled and enhance existing knowledge of information privacy and impact functions across an organization. A CPO may also be imperative to aid in generating new revenue opportunities as it relates to personal information. While earning revenue off of personal information may raise concerns, it is a practice that can be done legally and ethically to ensure private information is not mishandled. Who knows what the future will hold for the role of a CPO, but as privacy regulations continue to proliferate the globe, such as GDPR, it is important for organizations to evaluate whether a CPO is someone who may help navigate the subjective waters of information privacy.

Why Hire a Chief Privacy Officer?

Some executives and organizations may scoff at the need for yet another C-level person being at the table. Unless the current executives have experience and knowledge of information privacy, they should consider hiring a chief security and privacy officer. As more and more data breaches and incidents become commonplace, the role of CPO becomes more and more imperative for all organizations so that they can be mitigated. As personal information proliferates legitimate and illegitimate websites and databases, it is important to understand the risk versus benefits of collecting personal information, whether personal information can be collected and used, and how to respond to an incident or breach is imperative for an organization. Doing nothing is no longer an option.

Monica Reichert, CRM has been in RIM/IG for many years in many industries (currently the Legal Industry), is a Certified Records Manager, and is currently undertaking a Masters degree in Information Management through Dalhousie University.  Monica firmly believes that privacy and protection of personal information is everyone’s business!