Privacy’s Va-Va-Voom Year

The professional practice of privacy is in vogue. Its va-va-voom moment is being spurred by the vigor and vibrancy of privacy professionals as well as the world in which they operate.

By variety, volume, and velocity the work of privacy professionals has never been greater. More privacy pros are needed, and the proof is in the hiring. According to IAPP research, and despite fraught economic conditions, 33% of organizations saw their privacy teams grow in the past year. The vitality of privacy pros within organizations cannot be overstated. The emergence and proliferation of global digital regulations relevant and adjacent to privacy will further propel the prominence and importance of privacy professionals within organizations.

The days of organizational governance issues being mischaracterized as contained to supposedly hum-drum issues of board composition, reporting, and decision-making are over. The ubiquity of and depth to which new digital technologies are integrated within organizations and society, for better or for worse, is matched by the vastness of global regulatory activity on the same. The design and application of privacy law to emergent technology is old hat. Newer, however, is the advent of requirements in new and proposed digital regulations focused on safety, competition, accessibility, discrimination, and proprietary rights, to name but a few. The EU’s digital strategy, comprising the regulatory acronyms GDPR, DSA, DMA, DGA and NIS2, as well as the forthcoming AI Act, best encapsulates the alphabet soup of regulatory requirements in the digital domain.

Related:3 Key Privacy Trends for 2024

Understanding the new digital regulatory requirements is a top priority for organizations in 2024.  Investing in good governance and empowering the people that will do the work will be imperative for long term success. How organizations manage their resources and utilize new technologies starts at the top. The lingua franca, the tools, and the professional discipline demanded will span across organizational functions, assets, and risks. The strategic imperative for good governance and the Damocles sword of it wrong will dominate board-level focus. With time and capital finite luxuriant resources, many organizations will seek to leverage existing expertise and muscle memory.

Increasingly, privacy professionals are multilingual and multidisciplinary experts within their organizations, working to effectively communicate and implement the emerging best practices and rules for the responsible management of data-driven technologies across various teams and business functions. According to the 2023 IAPP-EY Privacy Governance report, privacy teams continue to take on more work and are working in more multi- and inter-disciplinary ways than ever before, with 86% reporting that they regularly work with three or more teams within their organization.

Related:EC Says European Private Data Can Flow to Compliant US Companies

The work of a privacy professional to design and implement transparency notices, internal data handling policies, and impact assessments, as well as their ability to translate complex regulatory jargon into actionable advice for engineers, c-suite, and marketing teams alike (to name just a few examples) are all ripe for usage in broader digital governance domains, particularly on AI regulation. IAPP has shown how more than 50% of respondents designing AI governance approaches are building on top of privacy programs and more than 40% are using existing privacy assessments to manage AI risk. A separate report revealed how 63% of organizations have tasked their privacy functions with AI governance, with 60% of organizations reporting that they have either already established an AI governance function or will likely establish one in the next 12 months.

While it will nonetheless take a village for organizations to rise to and meet both the challenges and opportunities presented by the increasingly complex and important digital governance landscape, the privacy professional will be a key denizen in that village. Of course, there is more to the new era of digital governance than privacy. Much more. Privacy professionals -- many of whom in fact have ascended from other forms of work, with intellectual property being a common stomping ground -- have a knack for venturing and applying their craft in new domains, and with verve too. Privacy as a backwater? Never was or no more. Privacy is having its va-va-voom moment.

Related:Sign Up for InformationWeek's New Cyber Resilience Newsletter