Privacy Professionals Are on the Rise

It’s really no surprise. Companies are managing greater amounts of complex data and the cost of non-compliance with privacy regulations is greater than it’s ever been, both from a financial and reputational standpoint. As a result, companies need the expertise to make sure they conform to these rising standards.

According to ACC’s 2022 Chief Legal Officers Survey, 60 percent of CLOs expect an increase in privacy-related regulatory enforcement in their industry over the next year, and nearly 75 percent of CLOs expect the privacy landscape to at least “somewhat impact” their business operations.

When asked to rate the top issues (out of 16 listed) in terms of their overall importance to the business, cybersecurity, regulation/compliance, and data privacy were by far the most important and have remained so for the past three years.

Sixty percent of CLOs expect an increase in privacy-related regulatory enforcement in their industry over the next year.

Additionally, 55 percent of CLOs reported data privacy protection as an issue likely to cause the biggest legal challenges for their organization, ranking second behind industry-specific regulations at 66 percent. Compare this to as recently as five years ago when only 27 percent of CLOs reported privacy as being an “extremely important” issue for their organization.  

Privacy reports to the CLO in half of organizations

ACC’s annual CLO survey report, along with several other ACC studies, have shown a clear and dramatic increase in the importance of and focus on privacy issues. What has been unclear is where the privacy function sits and to what extent legal is involved.

We know that legal staff in the smallest legal departments are typically generalists, having either to handle all legal work (including privacy) directly or allocate to outside counsel specialists. Though, 75 percent of departments say that privacy is managed exclusively in-house according to ACC’s 2021 Law Department Management Benchmarking Survey.

However, the 2022 CLO Survey shows that privacy (whether handled by an individual or as entire function) now reports to the CLO in nearly half of all companies worldwide. In companies where the privacy function does not currently report to the CLO, 15 percent believe it should. Out of 21 business functions, privacy now ranks as the third most common reporting to legal after compliance and ethics.

Most Common Functions Reporting to Legal
Percentage of CLOs that oversee each function
Compliance: 80%
Ethics: 48%
Privacy: 47%
Risk: 40%
Government affairs: 29%

Legal’s oversight of privacy is also being demonstrated through the investment in privacy technology. Thirteen percent of CLOs believe that privacy issues will be their top resource challenge through 2022. Fifty-six percent said they have already implemented technology solutions in preparation for complying with data privacy regulations, and 23 percent of CLOs report that they plan to adopt data privacy technology solutions to improve efficiency in the next year.

An increase in hiring and compensation is expected for privacy professionals

Nineteen percent of CLOs say they expect to increase hiring of privacy professionals in 2022, which is up from 14 percent in 2021. This number is as high as 30 percent among larger companies (with greater than US$10B in revenue), likely due to the scale and complexity of the privacy issues faced.

The ACC Foundation’s 2020 State of Cybersecurity Survey also showed that 24 percent of companies have a data protection officer, and 22 percent now have a chief privacy officer, up from 16 percent in 2015.

Along with our partner Empsight International LLC, ACC also collects extensive compensation data on dozens of in-house legal positions each year.

The chart below shows the base salary and total cash in USD of three of the most common privacy roles in the legal department: Chief privacy officer, privacy director, and privacy manager. The median base salary for all three positions has increased since 2014, with chief privacy officers showing the most substantial change.

Privacy Professionals Compensation, 2014-2021
Median base salary and total compensation of chief privacy officer, director of privacy, and privacy manager

In the eight-year period presented, the median base salary for this position jumped from US$190,000 to US$285,000 (a remarkable 50 percent increase). Base salaries for privacy directors and managers were the highest in 2021 as well, though the increase for those two positions was more moderate.

For directors, the median base salary in 2014 was US$169,000 compared to US$187,000 in 2021 (a 10-point increase) and for managers it increased from US$106,000 to US$129,000 — or 22 percent. Although the trends for both director and manager base salaries have shown more ups and downs, the overall tendency since 2014 is clearly positive.

The outlook for privacy in the legal department

All the indicators shown reflect that the legal department’s strong focus on privacy is here to stay. CLOs rank data privacy as a critical issue for the business. Many oversee the function directly as part of the legal department and are also looking to hire privacy specialists in greater numbers.

ACC will keep monitoring the evolution of privacy in the legal department. Keep an eye out for our 2022 Legal Department Benchmarking Survey (June 2022) for further insights on how the privacy function is structured and managed, as well as the 2022 ACC Foundation: The State of Cybersecurity Survey (October 2022) for valuable insights and trending data on the evolution of key privacy policies and practices.