Want to lead a global privacy program? 6 things to know about CIPM
The laws and jobs to protect our data privacy are growing globally. Twenty years ago, when Ralph O’Brien, a London-based Infosec Skills author and data privacy and protection professional, said he worked in data protection, he heard, “What’s that?” Now, privacy is on everyone’s radar. We’re all facing questions about who sees, uses and profits from our data. “The problem of our age,” claims O’Brien, “is going to be about how we connect and interconnect each other, and at the same time, safeguard our privacy.”
While some of us are waking to the world of technology and privacy, Ralph has been passionately helping organizations of all sizes “understand how best to manage your personal data” for decades. “This isn’t just our data,” says O’Brien, “this is our hopes, our dreams, our desires.”
We talked with Ralph about his new Certified Information Privacy Manager (CIPM) learning path, the satisfaction earning a CIPM brings and how you can break into the lucrative and rewarding profession of data privacy.
What’s unique about the CIPM learning path?
O’Brien: What I like about the CIPM is its “plan, do, check, act” approach. It not only covers “this is what privacy law says,” but “this is how I’m going to go about delivering a program in a large organization.”
The CIPM imagines you in the hot seat of designing a privacy program for a global multinational company. You go through a case study where you come into a global organization. What do you do on day one to assess the privacy program’s needs, deliver against frameworks and laws and recognize which ones apply to you? You’ll monitor, measure and react to what individuals might want with rights requests and learn to prove your worth and the return on investment.
Who should take the CIPM courses?
O’Brien: The courses have broad applicability and are global. They don’t just look at privacy from a European, U.S. or Asian perspective because privacy and moving data around the globe is truly a global problem. Therefore, the courses approach it from running or contributing to a data protection program within a large organization. It’s applicable for anybody working with or contributing to the data protection and privacy environment.
What are the career benefits of learning CIPM?
O’Brien: For me, it brings huge job satisfaction because it’s an area where you can feel like you are doing good for people. In a professional, career-minded sense, the International Association of Privacy Professionals (IAPP) surveys every year with Ernst and Young about the privacy job market. It’s worth looking at because it shows salaries are going up. The number of jobs is going up globally. More privacy laws are being passed across the world globally. And I’m seeing growth from the EU GDPR to PIPL in China to CPRA in California to talk of federal privacy law in the U.S.
I mean, this is the next big thing. I have had many interesting conversations with people about using social media and how much data they do or don’t give away. People are questioning how organizations and governments are processing and using data. We’re having those fundamental concerns in our everyday lives, and the job market is certainly growing to reflect that.
What are some continuing education options to take after CIPM?
O’Brien: This is geared towards the CIPM from the IAPP, and they have a career path in their qualifications. For example, there is the CIPP/US, the U.S. law qualification. There’s the CIPP/E, which is the European law qualification. Then there’s the CIPM, which is privacy program management. You can also do a CIPT, which many security and technology professionals like because that’s the bridge between security and privacy or the bridge between technology and privacy. It’s how to design privacy into a product proactively. So I think the CIPT and the other IAPP qualifications are worth considering.
What’s the most exciting aspect of privacy to you?
O’Brien: The ability to make a difference. Privacy is sometimes considered a consumer rights issue or a “be nice to your customer” issue in America. Here in Europe, we talk about it as a fundamental human right. We talk about it as intrinsic because you’re a human, let alone a Californian, Virginia, or Colorado resident. We tend to think about it as a human right, and that means that I get genuinely excited in the morning every time I get up, and I feel it’s a real privilege to make a difference in people’s lives. If one person comes out of the CIPM and goes back to their organization and produces a product that generally puts the human at its center, that would make me very happy indeed.
By the way, I don’t think that putting a human at its center is mutually exclusive with putting profit at its center. I think there’s a false dichotomy that people can sometimes get carried away with, believing that privacy laws are anti-business or anti-profit. I’ve made a career out of showing organizations you can have everything. You can have both.
Do you have advice for those trying to work in the field?
O’Brien: I think where the real trick comes, and where organizations sometimes miss a trick, is when they look at privacy as something that needs to be in the hands of the lawyers. Therefore what you can sometimes be left with is quite legalistic, hard to read, not very transparent and aimed at senior professionals with technical know-how. Where I’ve made my career, where I’ve tried to differentiate myself in the market, is working in relatable and translatable ways.
Many hands make light work. There are a lot of organizations looking for good people for both entry-level and senior positions who can take a situation, apply legal principles, make a good argument, and turn those legalistic principles into something that’s commonsense, something that’s transparent and succinct for the user base.
About Ralph O’Brien
Ralph is a trusted advisor on global privacy and security compliance, practices and management. His experience includes strategic GDPR adoption programs, advisory services and assurance delivery in global multinational environments.
He has worked in various industry sectors, including defense, public sector, pharma and financial services, representing multinational corporations and boutique specialist consultancies.
He continues to be a hands-on practitioner, combining business-level consultancy with training and technical experience. He was responsible for the first global joint 27001/25999 management system to be certified. With a focus on business processes, information protection, and an ethos of management assurance, risk management and knowledge transfer, he ensures effective protection of assets appropriate to the client’s business needs.