Working in Privacy

the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
In my new position a lot pertains to enforcing (thus reading and understanding) regulations, various laws, and also maintaining the privacy of the data pertaining to the patrons served. It got me thinking about what is required to work in a privacy based position. It seems it can go one of two ways:

1. Being an auditor - you need to know the regulations, you're confirming that things are secure, and there are a number of certifications you can go for

2. Be a lawyer

It seems if you were aiming to be a CPO, that the law degree is basically a requirement. The issue is I don't want to be a lawyer and don't want to make the financial investment into law school. My thought was to do the following:

1. Keep getting experience at my current job (won't be an issue)
2. Work on certifications (CIPP/US,IT, CISA, CRISC, CGEIT)
3. Pursue a Masters in Law or Legal Studies (basically amounts to the first year of law school and teaches you to think like a lawyer along with giving you the understanding to interpret law)

Does this seem like a legitimate course of action? Thanks in advance!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    In the US, a lot of privacy work is legal related. At least for me in my role, I find that the best way to stay up to date with privacy regulations and issues is to subscribe to the various IAPP mailing lists. You may want to start by creating an account at www.privacyassociation.org. As for carts, the IAPP CIPP/US is probably the most relevant. The ISACA certs you listed are really more risk and governance related. Like anything if you spend time working with lawyers and reading contracts and regulations, you will eventually pick it up. The role of IT professionals in privacy is a bit different than a lawyer's role and I would say complements very nicely. I don't think its necessary to be a lawyer or auditor to work with privacy issues either. While privacy issues fall in my area of responsibility, my scope is from a technology, risk, and data protection perspective.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Sweet thanks for the info paul!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    the_Grinch wrote: »
    In my new position a lot pertains to enforcing (thus reading and understanding) regulations, various laws, and also maintaining the privacy of the data pertaining to the patrons served. It got me thinking about what is required to work in a privacy based position. It seems it can go one of two ways:

    1. Being an auditor - you need to know the regulations, you're confirming that things are secure, and there are a number of certifications you can go for

    2. Be a lawyer

    It seems if you were aiming to be a CPO, that the law degree is basically a requirement. The issue is I don't want to be a lawyer and don't want to make the financial investment into law school. My thought was to do the following:

    1. Keep getting experience at my current job (won't be an issue)
    2. Work on certifications (CIPP/US,IT, CISA, CRISC, CGEIT)
    3. Pursue a Masters in Law or Legal Studies (basically amounts to the first year of law school and teaches you to think like a lawyer along with giving you the understanding to interpret law)

    Does this seem like a legitimate course of action? Thanks in advance!
    I work a lot in the privacy area, and I would recommend the following:

    Keep getting experience.
    Work on the following certifications: CIPP/US, CIPP/IT, CIPM, CISSP. I toss the CISSP in there because security and privacy are intertwined.
    I like the idea of a Masters in Law or Legal Studies. You might want to think about getting a MBA also.

    You've got the right idea in how to proceed. I would agree with your statement on the law degree.
Sign In or Register to comment.