Jun 22 2023

How I engage with the Chief Privacy Officer

Post 4 of 4 in the series of Scaling CPO’s- the other posts are, When to Hire your First Chief Privacy Officer, What does Great Look like in a Chief Privacy Officer and Signs your Chief Privacy Officer isn’t Scaling.

There are a few high-quality ways I’ve typically spent the most time or gotten the most value out of Chief Privacy Officers over the years. Part of it may have to do with the business we were in at Return Path (and now, Bolster), but part of it is understanding what the Chief Privacy Officer needs from the business and working with them in that arena.

For example, I found it helpful to work with the Chief Privacy Officer to help them to deeply understand our business.  Part of what I think we got right in this regard at Return Path was that we almost always made this a fractional role that was combined with other responsibilities — Tom Bartel, Dennis Dayman, and Margot Romary almost always did other senior jobs in operations or product as well.  This is what most likely enabled us to play more offense with the function rather than play defense. Even with an operation or product background, the Chief Privacy Officer is typically focused on external threats and issues and I have found that working with them on business issues not only raises their knowledge, but helps them understand potential security risks.

Another thing I did was to role model training and compliance.  If you mention of the word “compliance” to just about anybody in the organization, you’ll see that it doesn’t usually get anyone’s juices flowing. But it’s important for the company to live up to its obligations with customers and with its own internal policies and we found that if we involved a certain amount of employee training every year around compliance, we were able to build skills and stay on top of changing dynamics.  I always try to be the “first done” on an online training course and make sure to follow related policies so that our Chief Privacy Officer has air cover…and so that I can ask others to do the same with a clear conscience.

During a crisis.  I may interact with Privacy infrequently, but oftentimes when I do, it’s because something has gone wrong, or we’re worried about something going wrong.  That’s ok!  As long as you can be there to support your Chief Privacy Officer on an emergency response basis and practice some level of servant leadership in a crisis (“how can I help here…who do you need me to call?”), you’re doing your best work in this department.

It’s important to have a regular cadence and a strong relationship with the Chief Privacy Officer because when a crisis hits you don’t want to miss any steps. While most of the time things run smoothly in the Privacy domain, the few times when things spin out of control those are the exact moments when you need to hit the ground running, trust your Chief Privacy Officer, and help get everything sorted out.

(You can find this post on the Bolster Blog here)