Business needs and requirements demand expertise and coordination for privacy programs and practices. As a result, chief privacy officers, data protection officers, and other designated privacy professionals like privacy analysts are a fast growing presence within the enterprise today. The International Association of Privacy Professionals (IAPP) is 16,000 members strong today (compared to 7,500 back in 2010) and growing!    

In many organizations, a dedicated privacy professional (e.g., a full-time employee who focuses on privacy and not someone who has privacy responsibilities attached to another role) is a new role. Privacy professionals come from a variety of backgrounds from legal to IT, and the details of their role and focus can vary depending on the organization and the size of the privacy team. Yet they all have one thing in common: they must work together with multiple privacy stakeholders – IT, security, legal, HR, marketing, and more! – across the enterprise. And honestly, it’s not always easy. Like any relationship, there are ups and downs.

Previously, my colleague Andrew Rose has done research on the CISO-CIO and CISO-CMO relationship, helping these roles identify and develop a better understanding of each other’s role, common challenges of working together, expectations of each other, and how to improve this relationship. Andy and I are now teaming up to look at the role of the privacy professional and the relationship between the CPO and CISO, and CPO and CMO. Are you a CISO or CMO who works with the privacy professional in your organization? We’d love to connect with you (drop me a line at hshey at!) to hear about your experiences working together with your privacy officer. In exchange for participating in the research, we’d be happy to send you a copy of the final published report as a thank you for your time!