Home » Security Leadership » Career/Staffing

Advancing a Privacy Career

Sandra Hughes, global privacy executive of Procter & Gamble, answers readers' questions

Q: Imagine you're looking for a new chief privacy officer position. What are the earmarks of companies that really give the position some authority, not just hire a CPO to check off a box for regulatory reasons?

A: For me, it's important that the privacy program be viewed as critical to the organization's mission. At P&G, our mantra is "The consumer is boss." This means that we put the consumer at the heart of all we do and every decision we make. We work hard to earn the trust of our consumers and learn about their needs and wants. This helps us to create products and services that will delight them and improve their everyday lives.

My suggestion is to find out during your interview where the CPO office will be reporting and how important the position is to the business. Is the objective to meet relevant legislation requirements, or is there some other business benefit? The answer will let you know what leverage you will have within the organization to make good risk management decisions.

Why does your role encompass both privacy and competitive intelligence? [Hughes's full title is global privacy executive and manager of competitive and technical intelligence.]

At P&G, both programs are built on a strong ethical foundation and similar internal policy implementation processes. In addition, these areas represent both sides of the same coin—by knowing how and to what lengths unethical individuals will go to get information, I better understand how to protect information that is entrusted to us, as if it were my own.

I notice you're a Certified Information Privacy Professional (CIPP). I was appointed my company's CPO for HIPAA compliance two years ago, and I'm considering going after the certification. Do you think it will give me much of a competitive edge when I look for a new job?

Absolutely. Even if some companies may not recognize the certification because it is only one year old, the knowledge and self-awareness that you gain through the certification process will better prepare you for the job.

During your interview, find out where the CPO office will be reporting and how important the position is to the business.

My company is feeling pressure to adopt RFIDs. I know that privacy and consumer rights groups have concerns about possible misuse of RFIDs, but do you think those people are just a vocal minority?

I believe the concerns for privacy and security while using RFID are real and valid when considering future applications of the technology. This is the reason P&G has taken an active role now to help the industry create best practices for responsible implementation as it continues to develop. Again it comes back to the consumer being boss. We want to be sure that they understand the technology and how it's used, as well as the potential benefits to them.