The Privacy Officer takes the lead on privacy matters, being the go-to person for management and staff throughout the organization. Whereas privacy controls are widely distributed and many employees have explicit privacy obligations, the Privacy Officer is ultimately accountable for the adequacy of the organization’s privacy arrangements as a whole, including our privacy framework and compliance with privacy-related obligations (especially privacy laws and regulations).
Distinguishing characteristics of the ideal candidate
- A genuine interest in privacy matters, willing to take ownership of privacy risks, controls and compliance, and to identify, facilitate and promote improvements as appropriate;
- An obvious passion and enthusiasm for privacy, keen to establish a strong privacy culture throughout the organization through advocacy, encouragement, support and collaboration;
- Fastidious, willing to make the effort to find out about applicable laws and regulations and apply that learning to the organization’s practices, from the strategic to the operational levels;
- Realistic and pragmatic in approach, for example understanding that although minor privacy incidents are practically inevitable, they are worthwhile learning points and improvement opportunities;
- Able to see the bigger picture and think strategically where appropriate, since privacy is just one of many business and information issues of concern to the organization;
- Capable and willing to establish effective, productive working relationships with various managers, staff and other professionals (including third parties) on privacy and related matters, guiding them where relevant, responding to their concerns and collaborating on mutually beneficial solutions.
Relevant qualifications, skills and experience
The following qualifications and experience are considered relevant and desirable for this role:
- Compliance/legal and information risk management background: with exposure to the broader aspects of privacy including information security, IT, ethics and incident management, HR, auditing etc.;
- Work in privacy-related matters: at least 1 year’s work experience in a privacy role;
- General: at least 10 years employment post school/academic studies; competent at professional business communications such as writing policies and procedures, providing contemporaneous status updates and presenting/discussing management reports at senior level.