The path of privacy

The rise of a profession

Looking back, there have been individuals working on issues related to privacy for decades, says IAPP's Hughes.

In the early 1970s, however, there weren't many pros specifically focused on privacy, besides a handful of lawyers working in government.

At the time, much of this work revolved around the creation of the Privacy Act of 1974, which governs the collection, maintenance, use and dissemination of personally identifiable information maintained by federal agencies.

Within the private sector, the profession began to take hold during the dot-com boom, Hughes says.

“Not until the 90s did we see corporate America recognising the need for specialists in the field of privacy,” he says. At the end of the decade, there were still fewer than 150 privacy professionals in the US, Hughes says.

By 2002, when Hughes came on board as executive director of the IAPP, the organisation had around 500 members. Today, its base has grown to more than 9000 across 70 countries.

“It has been a story of very significant growth year after year, with so many factors feeding into that growth and helping to build the profession,” Hughes says.

An influx of privacy and data security regulations applying to individual business sectors and US states have been largely responsible, experts say. Also driving the profession is the near-light-speed pace of technological innovation.

As a result, new privacy concerns crop up almost daily and are garnering more and more attention from both consumers and policy-makers. The rise of social media, online behavioural advertising, mobile devices and cloud computing, for example, have all raised questions about the proper collection, storage and use of personal data.

Still, the majority of privacy professionals are employed within large organisations, according to the IAPP's 2010 Salary Survey. The poll of nearly 1000 members found that 64 percent of respondents work at organisations with 5000 or more employees.

While large companies in the US are focusing on privacy due to brand concerns and strong enforcement of state and federal regulations, many small organisations are still struggling with such demands, says Andy Serwin, chair of the privacy practice at law firm Foley and Lardner, and executive director of The Lares Institute, a technology and information governance think tank.

Some small businesses don't have a handle on the privacy laws with which they must comply, he says. Others simply do not have sufficient resources necessary to build out a privacy program within their organisation.

Next: Ad evolution