Chief Privacy Officers who aren’t scaling well past the startup stage typically have a few characteristics in common. Keep an eye out for the following telltale signs.
First, if your Chief Privacy Officer looks at you sideways when you ask for a strategy or even a mitigation plan for a breach, then you might have a bigger problem than the fact that you don’t have a plan. While we like to talk about things like Privacy by Design and using data protection as an offensive strategic weapon, the reality is Chief Privacy Officers need to have actionable plans in place at all times for the areas where they judge your company to be the most vulnerable. If you ask to see the plan or get briefed on it and you get back a blank stare, you know you have a reactive person on your hands for what needs to be a thoughtful proactive role.
Second, you might have a Chief Privacy Officer who is not scaling if they would rather lecture you on GDPR than talk about why your data protection plan will win business. Privacy people can be geeky, legally-oriented, policy-focused, and very technical. That’s all well and good, but there’s so much more a great Privacy Officer can do. For example, if your Chief Privacy Officer can’t engage in strategy with you and other executives and understand the levers of your business and how their role can help further them, you may as well use an outside law firm instead of taking up a valuable seat at your internal table.
The Privacy team can be small and somewhat insulated from the business, but your Chief Privacy Officer needs to be able to engage the entire company, they need to be thinking strategically about the business, and they need to have short and long-term plans in place for contingencies and foreseeable roadblocks. If they can’t bring these skills to the table in early startup stages, how can they bring them to the table when things really take off?
-Matt Blumberg, May 18, 2023.