Live Q&A Recap: How to Build a Successful Career in Privacy
If you could turn back the clock and help your younger self build a successful career in privacy, what would you say?
That’s exactly what we asked Judy Titera, Chief Privacy Officer at USAA, in a recent session of The Privacy Collective.
Judy reflected on her twenty-five year career in privacy and offered advice to professionals at every stage in their career journey.
In case you were unable to attend the session, we’ve got you covered. Continue reading to find out what you missed.
Highlights from the session:
- Overcoming challenges to build a successful career in privacy
- The power of education and networking
- How the right technology can help you navigate a changing landscape
Privacy Then and Now
Privacy has changed drastically in the past two decades. Data privacy laws have never been as important as they are today.
Gartner predicts that by the end of 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.
This exponential increase from only 10% global coverage in 2020 raises the stakes for many organizations, especially those operating globally.
Judy shared one of the biggest reasons she loves working in privacy is because it’s always challenging.
“There is always something new,” Judy added that she’s not one to stay in the same job, especially for twenty-five years, if it’s the same thing day in and day out.
When asked how she entered the world of privacy, she shared a memory of how it all started with a simple hand raise.
Start by raising your hand
“I did not look to go into privacy, it came to me. I was very fortunate. In 1998, I was working at an insurance company and the GLBA law was just coming out. The proposed HIPAA regulations had just come out as well. Well, I was in a meeting and [at the time] I was a paralegal in a law firm and they said, ‘Does anyone have any capacity to do a new project?’ I raised my hand and had that opportunity to implement our GLBA program and then our HIPAA program.
I always like sharing that story with especially young people to just say you never know. When you volunteer to do some work that’s a little bit different or something you may not be comfortable with – raise your hand and learn some new things. For me, that ended up being a 25-year career in privacy. So, I’m a big fan of raising one’s hand.”
It takes a village
Judy learned from the very beginning that privacy is a team effort and should be a priority across the organization.
“The privacy team worked closely with our information security team and that collaboration started on day one. I didn’t expect that when I first started. I was thinking it was just going to be policy and notices, but really that connection was a really important aspect of the privacy program.”
When it comes to an incident, everyone has a part to play. Prevention is also key. Employee training and education are critical, as we know 98.3% of security incidents are unintentional or non-malicious in nature, often caused by human error.
Pivotal moments in privacy
Judy had several “aha” moments that truly stuck out over the course of her privacy career.
- Meeting compliance with new data privacy laws
“I think the first really pivotal time was 2001 when California had the first data incident reporting law on the books. The industry was just like ‘What in the world are we going to do? How are we going to handle this?’ So, that was really an important part of understanding we had to give notice to individuals, regulators, et cetera.
That next piece was around 2014 when HIPAA HITECH rules came out with their breach notification rules. And shortly after that, we started to see more and more states jumping on. Before that, it was a little bit slow, but I think at that point other states realized, ‘OK, we need to know what’s going on with our residents.’”
- The power of digital transformation
“Another really aha moment for me, and I’m not just saying this to say this, was right around the time we were working data incidents in spreadsheets, trying to track every single law. My Chief Privacy Officer at the time called in RadarFirst at the very beginning to do a demo. And I remember just seeing the demo, and I literally ran into her office [to say] ‘we need, we need this.’ So, I want to just say thank you to Radar and the founders. I’ve been using Radar my entire career, because it is such an important part of our privacy program.”
- Data is currency
“The next aha moment was really around the Facebook Cambridge Analytica event that happened. One of the things which was an aha moment for me, as a privacy professional, was understanding how information was being used and shared – and misused. If I give you free information, that’s my currency. I’m saying I get free services, but that information is being used.
After Cambridge Analytica, what I expected was for people around the world to say ‘No way! Stop it.’ They looked a teeny bit, and then everyone just went right back because they wanted free services. That for me was a sign. That we, as privacy and security professionals, really needed to up our game. Individuals expect organizations to protect information and use information at the highest level.”
Is Privacy a Good Career?
A career in privacy is an excellent choice with endless opportunities.
Judy has seen the demand and scope of the privacy officer’s role change over the past twenty-five years.
“There’s so many more Chief Privacy Officer roles out there than ever – almost every company is looking for a privacy officer now. But it’s not just about that role, there’s so many other opportunities and growth opportunities – whatever your interest is, there’s a place where you can find a role.”
Opportunity has no limits in this field. Just take Judy’s word for it:
“[There are a] hundred, maybe a thousand opportunities. I’ve also been very connected with the International Association of Privacy Professionals (IAPP). I’ve been involved for almost my entire career.
And the very first conference I went to there were about 300 people there, which you know [at the time] was a lot. Now, if you’ve gone to one of those conferences, there are now thousands, thousands, and thousands of people. I mean it’s grown. And so, that is a sign that the privacy space has grown substantially over the last twenty-five years.”
A career in privacy is not for everyone
And that’s okay.
Judy shared about needing to “love the gray” and emphasized, “If you like every day to be the same, this is not the career for you. You really [need to] embrace those challenges, embrace the unknown, because the laws are changing rapidly.
We have proposed regulations for years. We have guidance that may or may not apply to you. There’s always a little of, ‘we’re doing this, but not that’ from the operational side. So, you really [must] love a challenge, love to investigate, and love to [have] really difficult discussions on what your organization might want to do and what they maybe shouldn’t do. Loving to have those kinds of conversations, that’s what makes it fun.”
“Continue to take care of yourself. This job can be extremely stressful. You are on the frontline. You’re making tough decisions, you are working in the gray.” – Judy Titera, Chief Privacy Officer
There’s no room for fear in this profession. Judy continued, “You have to go all in – understand really where you are, understand your organization, and what regulations [apply].
Even if you’re not an attorney, one of the things that I always tell teams to do is read the laws. If you’re a HIPPA organization, go back, and I’m old school, to the 2013 preamble of HIPAA and read through that, read the full law. Understanding that and having that in-depth understanding is just going to serve you well in the future.”
The Power of Privacy Education and Networking
Privacy is such an important part of everything we do and it’s complex.
We polled our viewers on how privacy is changing and when education should begin. The overall consensus is that privacy needs to be a part of early education.
And it’s definitely getting there! Shari Kenney, RadarFirst Strategic Account Manager and our host during the session, shared that her 6-year-old is bringing home coloring worksheets with all of the different internet safety rules to follow. She found it a bit startling at first, but then very reassuring and comforting that we are educating as early as we are.
Judy shared similar experiences and is hopeful for the future of privacy.
“I always say, if you’re looking for something interesting, something creative, something that brings a lot of opportunity– privacy is your field.” – Judy Titera, Chief Privacy Officer
“I think the seeds have been planted a few years ago and they’re blooming, right? I think it’s an outstanding time to get into the profession. It’s only going to continue to bloom and grow, so I am super supportive of anyone who is looking at this field.“
The best part about a career in privacy is that you’ll meet so many interesting people and be exposed to unique perspectives. Judy commented on the diversity in privacy:
“When I look at my team and when I go to conferences, I look around the table at other people and we’re not the same. That’s the beautiful thing about the privacy profession. It is diversity of thought, diversity of people. It’s everyone – everyone is welcome in this profession, which makes it very exciting for me.”
What skills should you sharpen to prepare for the future?
Which degree you have does not necessarily matter. What’s more important is which skills you possess.
Judy called out a necessary skill if you’re looking to build a successful career in privacy:
“One of the things especially from an operational standpoint is to have that critical thinking skill – having that inquisitive mind is something that is really needed in this role. There’s so much more to privacy than just the legal piece.”
Why mentorship is key to build a successful career in privacy
No matter where you’re at in your career, there’s always opportunity for mentoring.
Judy likes to have two different mentors at any given time. One really dedicated to the profession – someone who’s going to be able to provide you with career advice.
The second type of mentor she advocates for is a “life-coach mentor.” She’s always had a mentor like this – either someone outside of her organization or someone she doesn’t work directly with. This type of mentor helps create a safe place for days when you just need someone to talk to. It’s important to have that dedicated space to say, “Help me figure this out. Am I making sense?”
Judy stressed no matter what stage of your career you are at, whether you’re fresh out of school or if you’re a part of the C-suite, you need to have that safe place to get grounded.
When looking for a mentor, Judy offered some tips:
- Don’t be afraid to ask someone to mentor you – 95% of people will feel honored and say yes
- If you see someone who you admire or is doing something interesting – just reach out to them
- Find someone who you really want to spend time with and who makes you comfortable
- Understand how to connect with your mentor and identify what you want from the relationship before reaching out – being able to articulate that to your mentor helps build a successful career in privacy
- If you’re not getting what you need out of a mentorship, move on!
How to Adapt and Build a Successful Career in Privacy
The privacy landscape is constantly evolving. This is not “learn it once and then you’re set for life.” Continual learning is critical in privacy. Judy stressed the importance of keeping up with what’s going on in the world, changes in the industry and regulation, and any new technologies that present risk.
Tips from a pro on how to navigate a changing privacy landscape:
→ Know your business. Make sure you’re understanding the laws and rules that apply to your organization. Period. That’s the foundation.
→ On top of understanding your business, have those connectivities with the business, so you can understand the full picture.
→ Attend webinar sessions and seek continued learning opportunities. If there’s an area that you don’t know too much about (for example, AI) – learn the privacy pieces. You can find classes, free webinars, and even podcasts on just about every topic. So, continue to learn and build your knowledge base.
→ Hand-in-hand with continued learning is networking. When you attend a conference, connect with other privacy professionals. You don’t need to share your personal, industry secrets, but take time to ask, “How are you finding this (the California Consumer Privacy Act)? How are you managing or what have you heard?”
Technology: friend or foe?
We polled our audience on the biggest technology threats for the future: ChatGPT, AI, Metaverse, and Quantum Computing. A trick question as they all can be seen as threats.
As privacy professionals, Judy shared we need to increase our knowledge and learn about these new technologies. She cautioned those in privacy to start exploring (if you haven’t already) the privacy risks for each of these and begin planning for tomorrow.
“We have to meet our goals. We’re working hard. We have to be thinking about the future. The future is now.” – Judy Titera, Chief Privacy Officer
The volume of data continues to exponentially increase and this presents a real threat to organizations who are looking to safeguard the trust of customers, investors, and regulators. Judy cautions organizations to work on minimizing data and retention to reduce risk.
The undeniable answer to keep up with shifts in the privacy landscape is to leverage technology made for privacy. Judy left the audience with some final words of advice:
“If you haven’t yet, start looking at things like privacy enhancing technologies. There’s a lot of goodness that’s out there. Using that technology to combat what’s ahead of us. Think innovatively and creatively and look towards how we can be proactive rather than reactive.”