The State of the U.S. Privacy Job Market, 2019

Few global legal phenomena in recent decades can compare to the sweeping impact the European Union's General Data Protection Regulation has had on big and small businesses alike, both domestic and abroad. GDPR has simultaneously been a job stimulus and an inflection point in how seriously society intends to govern our cultural, geopolitical and social identities as consumers. While U.S. law on data privacy is notably different and currently lacks federal regulation, a company's posture on data privacy has become vital to corporate brand identity — and arguably survival — in a changing global economy. Growth and maintenance of GDPR programs, fragmented updates in domestic privacy regulations, the increasing standardization and acceptance of training and education and an evolving American corporate commitment to consumer transparency around data collection will all alter the landscape of the privacy job market in the coming years. What we call and consider privacy today will enlarge and expand from this early origin, but for the near future, the impact will unquestionably mean more jobs.

What do those jobs entail? Who competes for those jobs? What is the mindset of the hiring managers when evaluating talent? How can someone transition into the space? Over the last half decade, TRU Staffing Partners has represented and continues to represent thousands of professionals and hundreds of opportunities in privacy. The following findings are from day-to-day talent assessment, staffing fulfillment, executive-level interviewing, collaborative job requisition creation and market intelligence and aim to capture the current state and predict the future of the privacy job market in the United States.

Current State

There are more people who self-identify as privacy professionals than one might think. The 2019 Global Privacy Summit hosted by the International Association of Privacy Professionals (IAPP) this April had well over 4,000 attendees, and IAPP membership has soared from roughly 36,000 members to an astounding 50,000+ since GDPR Day 2018. The IAPP plays a key role in the maintenance and professionalization of the privacy field. IAPP certifications are the gold standard for training and certification in privacy (CIPP, CIPM, CIPT, FIP, PLS). The IAPP also releases a compelling salary survey every two years. Here are some quick key takeaways from the 2019 report regarding compensation and education that resonate as real and true:

• Median salaries have risen by more than $8,000 since 2017 to $123,050, and additional compensation in the form of bonuses and raises has also increased — the median value of additional compensation in 2018 was $20,000.
• Salaries are still highest in the U.S.: the median salary of a privacy pro is $150,000, up from $130,000 in 2017.
• U.S. chief privacy officers take in a median salary of $212,000.
• There is approximately an $80,000 difference between the median salary of CPOs and the median salary of non-CPOs.
• 42% of respondents hold a professional degree, such as an MBA, LL.M. or J.D.

Salaries over the last few years have certainly gone up for midlevel hires in privacy roles, and that is where most of the hiring occurs right now. Rewind to 2014 through 2017 and the volume of CPO or partner-level opportunities was quadruple what is available in 2019. Over the last several years, companies have hired or elevated individuals into executive-level leadership roles, and now those professionals are building teams. That does not mean the window of opportunity for a CPO-type role has evaporated, but it does mean the volume of those jobs has and will continue to diminish. This shift in hiring toward midlevel talent — often thought of as a senior associate within law firms or the manager/director level within corporations and consulting firms — will ultimately mean more jobs, but with significantly lower pay than CPOs. For the duration of 2019, the demand will remain high in these areas on the org chart.