Most Chief Privacy Officers are fairly specialized, often coming from a legal or law enforcement background. Regardless of background, I’ve found ideal startup Chief Privacy Officers do three things particularly well.
First, a great Chief Privacy Officer will work to create educated evangelists inside the company. Our Privacy team at Return Path, under Dennis Dayman’s leadership, had a lot of experience and industry certifications, but that experience was not something only for regulators and other companies, or only bragging rights within their team. They also took the time to make sure others in the company, especially in the product management and engineering teams, received some of that same training and those same certifications. By not making the Privacy team a single point of knowledge or failure, Dennis was able to integrate Privacy into of our product strategy and offense, as opposed to limiting it to a mitigation or defensive function
A second ideal characteristic of a Privacy Officer is that they also handle the basics of InfoSec, in addition to privacy. If you’re actually a security-related company or a massive consumer or financial organization, you may need a dedicated Chief Information Security Officer. If you aren’t, then a good Chief Privacy Officer should be able to handle a number of the functions that a CISO would otherwise handle, especially on the policy and communication front.
And third, a great Chief Privacy Officer is an excellent communicator, both internally and externally, and they help connect you to the relevant members of your community or ecosystem. When we had a sizable data breach on Thanksgiving Day about 10 years ago, our fractional head of privacy, Tom Bartel, was on the spot. He wrote emails and external blog posts that needed almost no review. He was also instantly communicating with dozens of his counterparts at related companies so that the industry knew where we stood and what we were doing about the problem. It was like an instant activation of an emergency response system!
Don’t wait until you have a data breach to hire a great Chief Privacy Officer, because by the time you need one, it will be too late.
-Matt Blumberg, May 4, 2023.