<b><i>Online Extra:</b></i> Survey: Privacy Professionals Well Paid, Differ in Regulated and Unregulated Industries

What does it mean to be a privacy professional today? As it turns out, it means that you're likely at manager or director level and comparatively well paid, and you also interact often with the information security, IT, legal, regulatory compliance and HR departments. However, it also means that your budget isn't where you'd like it to be and your staff may be too small ' especially if you're in government.

The International Association of Privacy Professionals (IAPP) and Ernst & Young (EY) have released their Annual Privacy Governance Report for 2015, highlighting how departments across a number of organizations handle privacy work. The survey of nearly 800 privacy professionals endeavored to find where the professionals stand in their organization, who they work with on a daily basis, the team's priorities, and the maturity levels or privacy teams across the country, among other figures.

Notably, the survey found that privacy professionals are well paid. Sixty percent of those surveyed reported an income of $100,000 or higher, with almost a third earning $150,000 or more. This corresponds with an increase in stature ' the survey found that the leading privacy role, typically a chief privacy officer, is viewed as equivalent in seniority to the longer established chief information security officer.

There are some key differences, though, between how highly regulated industries (such as banking and healthcare) and unregulated industries (such as software and retail) approach privacy. According to the survey, unregulated industries 'report a greater investment in privacy programs as well as a more strategic focus on risk mitigation, brand management and consumer expectations.' These companies, the survey said, also position privacy as a 'competitive differentiator.'

For regulated industries, however, handling privacy concerns is a given, and the focus is instead on shoring up compliance and accountability processes. Seventy percent of privacy professionals in regulated industries reported using internal auditing protocols for privacy purposes (compared with 60 percent for unregulated industries), and professionals in regulated industries were also more likely to have a privacy working group or a vendor management program.

The survey also noted that there is a close correlation between the size of an organization and the maturity of that organization's privacy program. Privacy programs in large companies reported being 'far better staffed (24 professionals on average) and resourced ($1 million on average) than those in small and medium enterprises (two staff members and $75,000 respectively).' Furthermore, the survey found that the more mature a program was, the more likely it was to be risk-based rather than focused on compliance. The survey found no significant difference in average maturity between regulated and unregulated industries, or between public and private organizations.

Still, there is a lot of growing to do for privacy in all organizations. 'If there is one thing made clear by this first in a series of annual EY-IAPP Privacy Governance Reports, it is that privacy governance in organizations is still nascent,' the authors of the survey said in its introduction. 'Just under a quarter of the nearly 800 respondents to our survey were the creators of the privacy program at their organization. And only 36 percent of those heading up privacy programs have privacy as their sole occupation. This is not one of those industries where old warhorses wax poetic about the good old days before the Internet changed everything.'

'–'Zach Warren, Legaltech News

'

What does it mean to be a privacy professional today? As it turns out, it means that you're likely at manager or director level and comparatively well paid, and you also interact often with the information security, IT, legal, regulatory compliance and HR departments. However, it also means that your budget isn't where you'd like it to be and your staff may be too small ' especially if you're in government.

The International Association of Privacy Professionals (IAPP) and Ernst & Young (EY) have released their Annual Privacy Governance Report for 2015, highlighting how departments across a number of organizations handle privacy work. The survey of nearly 800 privacy professionals endeavored to find where the professionals stand in their organization, who they work with on a daily basis, the team's priorities, and the maturity levels or privacy teams across the country, among other figures.

Notably, the survey found that privacy professionals are well paid. Sixty percent of those surveyed reported an income of $100,000 or higher, with almost a third earning $150,000 or more. This corresponds with an increase in stature ' the survey found that the leading privacy role, typically a chief privacy officer, is viewed as equivalent in seniority to the longer established chief information security officer.

There are some key differences, though, between how highly regulated industries (such as banking and healthcare) and unregulated industries (such as software and retail) approach privacy. According to the survey, unregulated industries 'report a greater investment in privacy programs as well as a more strategic focus on risk mitigation, brand management and consumer expectations.' These companies, the survey said, also position privacy as a 'competitive differentiator.'

For regulated industries, however, handling privacy concerns is a given, and the focus is instead on shoring up compliance and accountability processes. Seventy percent of privacy professionals in regulated industries reported using internal auditing protocols for privacy purposes (compared with 60 percent for unregulated industries), and professionals in regulated industries were also more likely to have a privacy working group or a vendor management program.

The survey also noted that there is a close correlation between the size of an organization and the maturity of that organization's privacy program. Privacy programs in large companies reported being 'far better staffed (24 professionals on average) and resourced ($1 million on average) than those in small and medium enterprises (two staff members and $75,000 respectively).' Furthermore, the survey found that the more mature a program was, the more likely it was to be risk-based rather than focused on compliance. The survey found no significant difference in average maturity between regulated and unregulated industries, or between public and private organizations.

Still, there is a lot of growing to do for privacy in all organizations. 'If there is one thing made clear by this first in a series of annual EY-IAPP Privacy Governance Reports, it is that privacy governance in organizations is still nascent,' the authors of the survey said in its introduction. 'Just under a quarter of the nearly 800 respondents to our survey were the creators of the privacy program at their organization. And only 36 percent of those heading up privacy programs have privacy as their sole occupation. This is not one of those industries where old warhorses wax poetic about the good old days before the Internet changed everything.'

'–'Zach Warren, Legaltech News

'