Privacy breaches: Bad for business, good for jobs

As major companies spend billions to shore up privacy, demand is rising for IT professionals with the right skills

privacy thumbs-up

"You have zero privacy anyway -- get over it," Sun Microsystems co-founder Scott McNealy famously quipped back in 1999. But 15 years later, it might be more accurate to say: "You have zero privacy anyway -- so cash in on it."

The never-ending intrusions on personal and corporate privacy by government and industry, not to mention social media companies and app developers, are leading to a small but growing jobs boom for IT professionals and others skilled in protecting privacy.

A new survey by the International Association of Privacy Professionals (IAPP) found that Fortune 1000 companies are now spending an average of $2.4 million on their privacy programs, with financial services, consumer products, and retail firms leading the way. A third of the companies responding to the survey plan to increase their privacy program staff, while only 3 percent expect to reduce staffing in that area.

The organization estimates that aggregate spending on privacy by the Fortune 1000 will total $2.4 billion and will result in the creation of about 900 full-time and 2,200 part-time jobs this year. Given the size of the IT workforce, that not a huge number. But it doesn't include the much larger number of jobs that require expertise in privacy, says IAPP CEO Trevor Hughes.

In an era when women are still largely absent from the top ranks of tech business, the survey indicates that 48 percent of privacy leads are female, with more than half of the people carrying the title of chief privacy officer command a salary greater than $200,000.

Salaries of rank-and-file types on privacy teams are less clear, but Hughes estimates they pay a premium of $5,000 to $20,000 a year.

Privacy is a hybrid specialty

Privacy as a specialty is relatively new, and it cuts across several areas and lines of business, including IT, security, legal, and compliance. "Privacy pros need to be bilingual: They have to speak the language of law and of tech," says Hughes. People who speak both languages -- Hughes calls them "translators" -- are particularly valuable and well-placed to succeed, he says.

That last point tracks with a broader trend in tech, the ongoing transformation of IT from a service-and-support organization to a line of business responsible for developing moneymaking ideas and applications. Privacy may not yet be a profit center, but understanding how applications, for example, might intrude on personal privacy can save a business from embarrassment, a loss of customers, and expensive lawsuits.

Indeed, privacy can be a selling point. When Apple CEO Tim Cook introduced the iPhone 6, one of the first features he mentioned was the device's built-in encryption (which iPhones have had since 2010, but now is a selling point thanks to Edward Snowden's revelations). Google has also made encryption the default for new smartphones and tablets running Android Lollipop, so it's harder for third parties to gain access to the data on the device.

There is a contradiction: Consumer data is a valuable commodity. Many companies partner with advertisers and various third parties that package and resell data. Yet their customers also worry about their privacy from such uses. Friction between the privacy team and business development types exists in some cases, Hughes concedes.

Where the privacy jobs are for IT

If you're looking for a privacy-related position, look beyond jobs that say "privacy" in the subject line of a posting, advises Hughes. A quick search of, a large IT-focused job board, suggests he's right.

If you set the Dice's search engine to only look for jobs with "privacy" in the title, a mere 35 slots pop up. But search for "privacy" in the job descriptions and you'll get more than 900 hits. For example, listings like one for an OnBase administrator for MemorialCare Health System require familiarity with HIPAA privacy regulations, while a job in Texas for a SharePoint administrator demands knowledge of best privacy practices.

It's worth noting that some of those listings mention privacy only in passing, while others position privacy as a notable skill.

The IAPP has offered privacy-related certifications since 2004 and has awarded more than 10,000 across six categories. The CIPT cert is designed for IT professionals seeking privacy training and certification and, based on demand from the IT industry, was recently relaunched in September 2014, the organization says. Since its inception, nearly 2,000 professionals have received CIPT certification.

However, it isn't clear how much of a difference these certifications will add to your paycheck, says David Foote, principal at Foote Partners, which tracks the value of IT certifications and skills.

"The marketplace is not recognizing privacy certs and skills at a level where we can produce statistically significant data to report them. In others words, not enough of the 2,648 employers who contribute benchmark data are paying extra for these skills and certifications," he says. But Foote qualified that a bit in our discussion, noting that because IT is only one component of privacy-related jobs, it is harder to separate out privacy-related IT's value.

The bottom line: Look to privacy-related skills as a way to enhance your career in IT. Because some of the definitions in this area are squishy, it might make sense to schedule informational interviews with companies that seem to be making privacy a selling point or that have been singled out as good examples of consumer-friendly privacy practices.

Copyright © 2014 IDG Communications, Inc.