Working in Privacy

In my new position a lot pertains to enforcing (thus reading and understanding) regulations, various laws, and also maintaining the privacy of the data pertaining to the patrons served. It got me thinking about what is required to work in a privacy based position. It seems it can go one of two ways:

1. Being an auditor - you need to know the regulations, you're confirming that things are secure, and there are a number of certifications you can go for

2. Be a lawyer

It seems if you were aiming to be a CPO, that the law degree is basically a requirement. The issue is I don't want to be a lawyer and don't want to make the financial investment into law school. My thought was to do the following:

1. Keep getting experience at my current job (won't be an issue)
2. Work on certifications (CIPP/US,IT, CISA, CRISC, CGEIT)
3. Pursue a Masters in Law or Legal Studies (basically amounts to the first year of law school and teaches you to think like a lawyer along with giving you the understanding to interpret law)

Does this seem like a legitimate course of action? Thanks in advance!

Find more posts tagged with

Comments

paul78

In the US, a lot of privacy work is legal related. At least for me in my role, I find that the best way to stay up to date with privacy regulations and issues is to subscribe to the various IAPP mailing lists. You may want to start by creating an account at www.privacyassociation.org. As for carts, the IAPP CIPP/US is probably the most relevant. The ISACA certs you listed are really more risk and governance related. Like anything if you spend time working with lawyers and reading contracts and regulations, you will eventually pick it up. The role of IT professionals in privacy is a bit different than a lawyer's role and I would say complements very nicely. I don't think its necessary to be a lawyer or auditor to work with privacy issues either. While privacy issues fall in my area of responsibility, my scope is from a technology, risk, and data protection perspective.

the_Grinch

Sweet thanks for the info paul!

GoodBishop

the_Grinch wrote: »

In my new position a lot pertains to enforcing (thus reading and understanding) regulations, various laws, and also maintaining the privacy of the data pertaining to the patrons served. It got me thinking about what is required to work in a privacy based position. It seems it can go one of two ways:

1. Being an auditor - you need to know the regulations, you're confirming that things are secure, and there are a number of certifications you can go for

2. Be a lawyer

It seems if you were aiming to be a CPO, that the law degree is basically a requirement. The issue is I don't want to be a lawyer and don't want to make the financial investment into law school. My thought was to do the following:

1. Keep getting experience at my current job (won't be an issue)
2. Work on certifications (CIPP/US,IT, CISA, CRISC, CGEIT)
3. Pursue a Masters in Law or Legal Studies (basically amounts to the first year of law school and teaches you to think like a lawyer along with giving you the understanding to interpret law)

Does this seem like a legitimate course of action? Thanks in advance!

I work a lot in the privacy area, and I would recommend the following:

Keep getting experience.
Work on the following certifications: CIPP/US, CIPP/IT, CIPM, CISSP. I toss the CISSP in there because security and privacy are intertwined.
I like the idea of a Masters in Law or Legal Studies. You might want to think about getting a MBA also.

You've got the right idea in how to proceed. I would agree with your statement on the law degree.