By: Juan Carlos Carrillo.
Back in 2006, then IBM CPO Harriet Pearson, CIPP/US, said, “a good CPO must do more than just ensure that companies comply with the present-day law. They must also attempt to second-guess future innovation and design company security policies and procedures accordingly.”
While the position of the CPO has most certainly changed in the past eight years, as has Pearson’s, this quote has stood the test of time as innovations in technology—and with that, data collection, retention and usage—continue apace.
More recently, K Royal, CIPP/US, CIPP/E, wrote a post for Privacy Perspectives on what makes a good privacy officer. Within the body of the post, and in the comments below, it becomes clear that a CPO’s job is a lot more than checking compliance boxes. “To build this list, I searched online for the top 10 traits or characteristics of compliance officers, salespeople, CEOs and managers,” Royal writes, and then goes on to include janitors, airline attendants and social workers. Others offered up fire fighter and technology geek as CPO comps.
In order to come up with a more nuts-and-bolts list of the responsibilities of the CPO, we’ve collated, categorized and condensed a number of online job descriptions for CPOs, resulting in the description below. Certain industries, such as finance and healthcare, will have industry-specific laws and tasks; the description below is a general overview. Looking for a healthcare-specific example? See here.
But let’s work to define this more clearly together. What did we miss? What needs changing? Send Emily Leach an email with your suggestions, and we’ll revise the description as innovations revise the job.
Chief Privacy Officer: Sample Job Description
Compliance related to privacy, security, confidentiality
Coordinate regulatory monitoring efforts
Operationalize compliance efforts
Employee Management & Oversight
Build & Improve the Privacy Program
Third-party Contracts, etc.