Operationalizing Data Protection & Privacy: Lesson 22 - Professional Organizations & Privacy Certifications
Dave Grohl w/Foo Fighters - Quicken Loans Arena - Cleveland, Ohio - July 25, 2008 - Photo by Aaron Mendelsohn

Operationalizing Data Protection & Privacy: Lesson 22 - Professional Organizations & Privacy Certifications


Disclaimer:  The views and lesson here are mine alone and do not represent my employer, the LEGO Group, or previous coursework taught at Cleveland State University School of Law.


As the DP&P profession has grown over the last decade, we have seen an explosion of trade groups and professional organizations enter the market, offering everything from benchmarking, knowledge sharing, networking, lobbying, conferences, and research and analysis.  Additionally, some of these organizations offer professional and technical certifications that allow DP&P professionals a way to enhance their subject matter knowledge and make themselves more marketable to employers.

When used correctly, your participation in these organizations can accelerate your DP&P program and your career.  By forging relationships with other like-minded DP&P professionals you broaden your network and learn how others approach similar operational challenges.  Professional organization can also keep you updated on changes in the law and market, which can help steer your DP&P program in the right direction. 

But not all these professional organizations are created equal, as some are more reputable than others.  And while certifications are certainly nice to have, they often come with significant investment and maintenance costs.

Let’s go a bit deeper.

  1. The most prominent trade organization for DP&P professionals is the not-for-profit International Association of Privacy Professionals (or IAPP). The IAPP is nearly 25 years old and oversees the preeminent certifications in the industry, which includes the Certified Information Privacy Professional for the US, Europe, Canada, and Asia, as well as certifications for program management, privacy technology, and AI governance.  The IAPP also hosts the largest industry conferences which includes the Global Privacy Summit in Washington, DC (in the spring) and the Europe Data Protection Congress in Brussels, Belgium (in the fall).
  2. If you’re not already a member of the IAPP, it’s a fantastic resource for new and experienced DP&P professionals.  While membership isn’t free, there are several free resources and newsletters available on their website, and even more tools and information as a member.  There are discounts available for public sector employees and students, and many large organizations are corporate members which provide a set number of individual memberships depending on the level of corporate membership. 
  3. The IAPP also coordinates local chapters called KnowledgeNets to promote smaller in-person networking and knowledge sharing events within specific geographies.  Run by volunteer chapter chairpersons, KnowledgeNets are a great way to connect with other DP&P professionals in your region and build a local community.  A full list of local chapters is available on the IAPP’s website and attending a local chapter meeting is an easy introduction to the profession if you’re just beginning your DP&P career. 
  4. Some DP&P professionals though have a love/hate relationship with the IAPP, and it’s primarily due to cost.  While they provide tremendous resources to the DP&P profession, it does come at a significant price.  There’s a fee for annual membership, training, preparation materials, exams, and then once you have a certification(s) you must maintain an active membership and complete a certain amount of continuing education credits (which sometimes has a cost too – such as attending an IAPP conference).  Of course, it’s great when your employer can fund it (and there are ways to bring down the continuing education expense through free resources), but if you’re independently employed or trying to uplevel your DP&P career on your own, the out-of-pocket expense adds up quickly.   
  5. The value of an IAPP certification is heavily debated amongst DP&P professionals and can be a divisive topic, and not just because of the cost.  While an IAPP certification can serve as a baseline for competency in the DP&P field, it can’t replace real world experience, and some more experienced professionals resent the need to maintain a pricey certification just to be seen as competent in DP&P.  But in many organizations, even for an entry level job, having an IAPP certification is a requirement, and it will be difficult to be considered without it. 
  6. Ultimately, you need to decide what’s most valuable to you as a DP&P professional, and chances are, the IAPP will likely be the first professional organization you join.  But it doesn’t need to be the only one, as there are lots of others that carve their own niche in the profession.  Some of these are invite only for heads of DP&P, others are sponsored by vendors (which leads to some sales pitches), some prohibit vendors, while others are a part of a bigger organization with a section devoted to DP&P.  Many of these smaller organizations operate under Chatham House Rule, which allows for a more casual and honest conversation. 
  7. While DP&P isn't just a legal function, many local, state, and national bar associations have sections devoted to privacy and cyber security. This includes the American Bar Association and the Association of Corporate Counsel, which have been engaged in these topics for years. Most of these bar associations have more recently added resources for other emerging tech risks such as AI that can help legal and non-legal DP&P professionals alike.
  8. If you decide to join other professional organizations, do a bit of reconnaissance to determine its mission and structure.  If there is a fee to participate, you should understand how that money is being used.  If it’s vendor sponsored, you should be comfortable with listening to sales pitches from vendors you might not be interested in.  If it’s a new organization trying to create a network of DP&P professionals, you should learn more about who is organizing it and what’s their motivation.  There’s room in the market for lots of niche organizations, but just be careful not to join one that risks your reputation or requires a big upfront cost. 
  9. There are also several other non-profit organizations that focus on DP&P, either exclusively or as part of a larger technology driven mission.  Some of these have been around for decades, while others are newer.  A few of the more prominent ones include the Center for Democracy & Technology, The Future of Privacy Forum, Electronic Frontier Foundation, and noyb.  They offer unique perspectives on DP&P and can be another valuable resource for your organization or in your personal development. 
  10. Many cyber security organizations also devote part of their service offerings to DP&P, as the two disciplines are so intertwined.  Major cyber security conferences usually have multiple sessions devoted to DP&P topics and some cyber security peer knowledge sharing organizations will invite heads of DP&P along with CISOs.  Networking and benchmarking with cyber security leaders can help DP&P professionals understand some of the technical nuances of how personal data is protected and be an opportunity to educate our cyber security colleagues on current privacy issues. 
  11. Some DP&P professionals also maintain cyber security certificates, as the benefit of having both cyber and privacy expertise is immense.  The two most popular general cyber security certifications are the GIAC Security Essentials (GSEC) and the Certified Information Systems Security Professional (CISSP).   These can be particularly valuable to cyber and privacy lawyers in private practice, as it demonstrates to clients a level of technical security knowledge in addition to general privacy expertise.
  12. In the past five years popular enterprise technology research organizations like Gartner and Forrester have added more DP&P content and analysis to their offerings, making them more useful to DP&P professionals, especially those that work closely with digital and IT teams.  Gartner has a legal and compliance offering and an event/knowledge sharing organization called Evanta, and both have broadened their scope to appeal more to DP&P professionals.  Forrester too has some excellent DP&P researchers and can be a valuable resource in validating your program against market trends.  While Gartner and Forrester each have hefty subscription fees, you may already have some level of membership within your IT organization that you can leverage. 
  13. Lastly, universities have also started to develop and offer DP&P and cyber security training bootcamps and certification programs with a focus on making individuals more attractive to employers.  These can be another way to enter the profession with much less commitment (and cost) than a bachelor’s or master’s degree.  They’re also perfect for mid-career professionals looking to change fields or just to uplevel their current skills.  Just be sure to attend a reputable institution, as there are many different business models (including using third party training providers) and you should ask for multiple referrals and understand their job placement services too. 

Jon Stratis Pridgeon

Corporate Generalist | Data Privacy, Cybersecurity & Technology Counsel | Former CPO | Former Global Privacy Lead | CIPP/US

6mo

Excellent discussion…and great photo of Dave Grohl #FooFighters by the way.

Rebecca Shore

Privacy Executive | Speaker | CPO, The Weather Company | Ex-VP, CPO Albertsons Companies; Ex-Under Armour

6mo

Awesome endeavor and what a great penultimate topic (especially for privacy newbies to understand the subtly of what’s out there in this area).

To view or add a comment, sign in

More articles by Aaron Mendelsohn

Insights from the community

Others also viewed

Explore topics