No one likes job hunting. If you say you do, you’re probably lying. Finding the job of your dreams or even one tangentially related to your field can be emotionally exhausting. Privacy professionals are no exception to this general rule. But the added complication is that pros also have to navigate a field that is still relatively new, which means that the organizations that need them are still working out the kinks internally.
Verasafe Privacy Counsel Calli Schroeder, CIPP/E, CIPP/US, CIPM, experienced that as she searched the job market recently. During a breakout session at the IAPP Privacy. Security. Risk. conference in Las Vegas last week, Schroeder said many of the job postings she looked at were created by organizations that needed privacy professionals but were written either by people who seemingly didn’t know anything about privacy or had done very little research about what they realistically would need in a hire.
Schroeder cited one example in which an organization wanted a candidate with five to seven years of experience with the EU General Data Protection Regulation. She pointed out that it would be literally impossible for anyone to meet that level of experience at this current time as the GDPR has only been in effect since 2018.
Zachary Plotkin is a recruiter at Infinity Consulting Solutions in the areas of compliance, legal, privacy, cyber and GDPR. He said in his experience staffing privacy professionals, he found most organizations had no idea who to place in the role after the GDPR came into effect. Because it was regulation, Plotkin said, most entities defaulted to hiring an attorney to be their in-house privacy professional.
As time went on â€” and especially as of late given data protection authorities’ enforcement actions â€” companies started to have a better understanding of what they’d need to have effective privacy programs that complied with laws and regulations, and the qualifications started to shift. Plotkin said most organizations will work with a candidate they see as a strong potential and recommended that job seekers try not to get too bogged down in the minutia of the job posting itself.
“The job description is [asking for] the ideal candidate. I donâ€™t think Iâ€™ve ever placed the ideal candidate,” Plotkin said. “No one is going to care if you have five years instead of seven. If you understand what you are talking about most organizations will be flexible.”
Representing the hiring manager perspective within the discussion was Facebook Privacy and Public Policy Director Shane Witnov, CIPP/US. Witnov shared Plotkin’s stance on experience and added that lacking a law degree is not a deal breaker. Candidates should feel comfortable in their standing as long as they are well versed in privacy.
“For the roles on my team, they are more senior, so we arenâ€™t hiring people right out of law school,” Witnov said. “But you donâ€™t have to have a law degree. Most of the requirements are flexible, but its mostly, ‘Do you have substantive privacy experience?'”
Of course, part of the challenge for prospective privacy professionals is getting a foot in the door. Schroeder said she understands why companies may be hesitant to bring on a lot of inexperienced employees. It can be a significant cost to train a completely green workforce. But if no one is willing to take the initial hit to eventually accumulate a strong and savvy supply of future privacy professionals, the profession stalls and eventually burns out, doesn’t it? There are only so many veterans in such a young field.Â
“There are very few zero- to two-year openings. At some point, someone has to train people and give people an opening to learn,” Schroeder said. “Because thereâ€™s no way to skip the zero- to two-period of my life.”
For those who have been unemployed for an extended period of time, Plotkin recommended obtaining a certification in their chosen field as they await their next vocation. Plotkin said studying for and obtaining a certification is a good way to stay proactive while on the job search. He said he even uses it as a selling point when he talks up his clients during his interactions with organizations searching for a privacy professional.
As for other tips to help stand out in the crowd, job candidates should update their LinkedIn profiles to make sure their privacy experience is front and center and to continue to work on their networking skills, the panel agreed. Plotkin and Witnov both said they lean on LinkedIn very heavily during the hiring process. Witnov said he’s often copying and pasting LinkedIn profiles to his peers as they discuss the best candidate.
The three speakers also said coding can be a valuable skill for privacy professionals to invest in learning, even at a very basic level, as they make their way through the job market. Schroeder added candidates should become aware of how they’re different from others in the market in order to highlight their specific qualifications during an interview.
The good news is that the demand for privacy professionals is likely to stay on the incline for the foreseeable future, especially as the requirements of the GDPR, California Consumer Privacy Act and other laws stay top of mind for organizations around the world.
And while landing a job in privacy can be a challenge as a relative newbie, it can also be sort of an asset. If you started working in privacy in 2018, not even the veterans are going to say they’ve got significantly more experience with the CCPA than you, for example. Some of the laws and regulations are so new that everyone is starting from the same place.Â
“One of the things I love about privacy law is that itâ€™s a great place to start because the privacy regulations are new,” Schroeder said. “Itâ€™s a great entry point when you are trying to get into a new field and catch up quickly. You really have a lot to contribute in this space.”