<< Job Hunt

What It Takes to Be a Privacy Professional

people sitting with masks on
October 8, 2020


Anita Fineberg has practiced privacy law for more than 25 years. In this blog post, she writes about the skills needed to become a privacy professional.

Earlier last month it was reported that nearly 50,000 Canada Revenue Agency accounts were found to have had “suspicious activity” — four times higher than previously thought. What’s more is there’s now evidence that hackers were accessing Canadians’ accounts a month before the CRA realized. This latest cyberattack is yet another example of the need for privacy professionals nationally and internationally.

With rapid technological advances making it easier to store and share vast amounts of personal information, people around the world are increasingly concerned about privacy. Responding to that concern, a growing number of specialized privacy professionals are working in companies of all shapes and sizes to craft privacy policy, implement privacy initiatives, and provide high-level guidance to executives and boards.

Growing Demand for Privacy Professionals

Privacy is a career choice that’s filled with opportunity. Globally, over 100 countries now have some form of privacy legislation with some, such as Canada, having multiple laws, applicable to different sectors (e.g. public, private, and health), as well as to organizations operating in different jurisdictions (e.g. federal, provincial, and municipal). Privacy budgets are expanding, with most of the respondents to a 2019 survey conducted by the International Association of Privacy Professionals (IAPP) expecting an increase next year. And more than nine in 10 of those same respondents are confident that privacy “helps open career doors.” However, many people end up in privacy roles almost by accident when they’re asked to take charge “because someone has to do it.

Yet for privacy professionals to do their jobs well, they need a thorough grounding in privacy governance and policy, as well as a good understanding of information technology. They also need a cluster of “21st century skills,” including excellent communications skills, as well as the ability to be creative, innovate, think critically, engage in problem-solving, collaborate, stay flexible and adaptable, and respond quickly to new challenges.

Benefits of Post-Secondary Education in Privacy

Because privacy is such a complex discipline and mistakes can have serious consequences, it’s hard to learn all of this on the job. But educational programs focused exclusively on the needs of privacy professionals are few and far between. The G. Raymond Chang School of Continuing Education at Toronto Metropolitan University, where I teach, offers one: the Certificate in Privacy, Access, and Information Management. By delivering a rigorous standard of training, programs like this can improve privacy protection for Canadians.

There are clear benefits for employers, too. Organizations are stronger when they can:

  • hire new privacy professionals who can get “up to speed” faster because they have been equipped with practical skills they can apply on the job right away
  • provide their privacy teams with cross-disciplinary, forward-looking knowledge tailored to the needs of their specific industry
  • build an in-house resource that understands how other organizations are dealing with similar issues and that can help manage regulatory, reputational, and legal risk.

Privacy professionals themselves can leverage educational programs to stay up to date on industry trends and boost their work and personal development goals. When they acquire strategies that help them complete tasks more efficiently, they can take on more responsibilities and advance into new roles. Meanwhile, distance education choices make it easier to fit learning into busy lives.

The bottom line is that enhanced qualifications benefit both privacy professionals themselves and their employers: individuals are more marketable and businesses benefit from the superior, specialized knowledge and training that these qualified professionals bring to manage an organization’s privacy risks.


Anita Fineberg has practiced privacy law for more than 25 years. She is an instructor in and Ambassador for The Chang School’s Certificate in Privacy, Access and Information Management.