Key takeaways:
- The need for privacy expertise has reached an all-time high, with a 30% year-over-year increase in open positions from 2021 to 2022.
- Many have found success shopping for nontraditional candidates, both internally and externally. Look for your existing privacy champions and those who are teachable and curious.
- For many, the needed expertise is shifting away from legal toward more technical skill sets like engineering.
There are a number of hurdles when building a robust enterprise privacy program. Securing a team with the necessary skills and experience may be the most crucial.
It’s no secret that the demand for privacy expertise is exploding. A recent job report by TRU Staffing Partners highlighted a 30% year-over-year increase in privacy roles from 2021 to 2022, and the trend is expected to accelerate.
Rachael Haher, VP of Business Development and Account Management at TRU Staffing Partners said in the report, “Everyone is clamoring over a shortage of talent in privacy.”
She also suggests these talent attraction issues are exacerbated by misalignment of job requirements, titles, and reporting structure.
As a data privacy leader, how do you determine the specific roles and skills you need, and how do you actually find the right individuals?
A Growing Need for More Technical Skillsets
During a recent Data Privacy Board panel on scaling your program, Patrick Chavez, Chief Privacy Officer and Associate General Counsel at Edward Jones shared how they’ve grown their team.
Prior to a few years ago, Patrick said the program was very lean, and the first priority was bringing in legal expertise.
“We’re finding that we have some attorney roles filled out, now we need analyst and manager roles, and those have proven to be a little bit of a challenge,” he shared.
Patrick is not alone in this roadblock. Jennifer Garone, Senior Director of Privacy and Information Governance at Carnival, also touched on this growing need for technical roles such as engineers.
She said that while privacy roles tend to lean on consultative “soft skills,” when it comes to tasks like testing and verifying that a webpage is compliant with CCPA, it’s helpful to have engineers.
In fact, TRU Staffing’s report found that while privacy lawyers were in demand for years, the industry is seeing a growing need for more technical expertise.
Rachael Haher wrote, “A shift is coming. The technical privacy professional is the next big talent pool that we have to create.”
The report goes on to suggest that while many current privacy professionals will ramp up their technical skillset, this talent pool will likely fill up with engineers. This is because it’s considered easier to train someone with a technical background on privacy rather than the reverse.
Be Open to Nontraditional Candidates
Considering the surging demand for talent, privacy leaders may want to shop for nontraditional candidates across the enterprise.
During the panel, Workday Senior Director of Privacy Christina Kogan said she’s somewhat infamous for doing just that. She said she’s hired people from other teams, such as commercial attorneys, and trained them up, and this tactic has been successful.
Christina said it’s faster and easier to train someone on privacy than it is to show someone the ins and outs of operations and what aspects of privacy matter most to the company.
She looked toward the enterprise privacy champions and said, “I find that you can tell a lot about a person, whether they’re going to be successful in a privacy role, based on how they handle privacy in their current role.”
Jennifer echoed these thoughts and shared that while working in a human resource privacy program, she hired intelligent and curious candidates with HR backgrounds and successfully trained them on privacy.
Moreover, she said she’s recently hired a former professional athlete for an entry-level position because of their clear ability to take initiative.
“We need to keep an open mindset about who can do what. Who can have the skills to ask the questions and be curious and learn as opposed to do they have a privacy background?”
Jennifer Garone, Carnival
What Makes a Good Privacy Professional
Advancements in technology will always require new skills and knowledge — today, data and generative artificial intelligence come to mind. For this reason, Patrick said it’s important for your team to keep their eyes on the horizon and be open to learning and development opportunities.
In an evolving industry like privacy, Christina added that you’ll want to look for individuals who aren’t afraid of new tech.
Even so, she said she’s still focused on a lot of the soft skills, particularly collaboration, good judgment, teachability, and curiosity. There’s often someone else in the organization with the subject matter expertise to assist in areas like AI. However, what Christina said she really needs are people with relationship-building skills.
“Yesterday, it was blockchain; today, it’s generative AI. It’s going to be something new every day, and I don’t want to change my team every six months.”
Christina Kogan, Workday
Benchmark Your Hiring Strategy with Other Privacy Leaders
Of course, when it comes to hiring, factors like compensation, job description, and structure are vastly important, particularly in a competitive market.
In TRU’s staffing report, Rachael Haher asked, “Even if you do find the right people, do you find them fast enough, and can you offer something uniquely competitive to entice them to choose your organization?”
Benchmarking with other privacy leaders running programs like yours can be a great way to ensure you’re in line with industry standards.
Data Privacy Board members are able to gut-check their strategies in a completely confidential space. They’ve shared insights on everything from organizational structures to the best interview questions.
Interested in learning more about how the community could help support your program’s needs? Get in touch below.