Press "Enter" to skip to content

3 Things to Consider Before Hiring a Privacy Officer

Last updated on January 30, 2016

Hiring a Privacy Officer can be one of the smartest moves your business can make. And to save costs, most organizations can simply cross-train existing staff rather than hiring another employee.

Before you start, there are three things you need to consider before hiring a privacy officer:

1. Consider Your Organization’s Needs

Before hiring a privacy officer, you must assess your organization’s needs. The number of privacy officers you need and the amount of time they need to invest in their position depends on many factors.

The Size of Your Organization

How large is your organization?

Small and medium-sized businesses often assign the role of the privacy officer as an employee’s part-time duty until it warrants a full-time position. This role is often combined with a senior role in the HR Department.

Larger businesses, including those in the public sector, often have dedicated roles for privacy officers. These include titles such as Director of Privacy and Chief Privacy Officer.

Geographic Presence

Do you have offices scattered throughout the globe? Are all offices independent, or is everything centralized at head office? Offices in different provinces, states, countries or regions may be subject to different privacy legislation.

One option is to assign the role of the privacy officer to an individual at head office. This gives you the advantage of having one individual manage all the privacy affairs in your organization consistently across all offices.

However, having an intimate understanding of privacy legislation across multiple jurisdictions can be difficult for one person to manage alone.

Another option is to divide the role of the privacy officer across geographic boundaries.

For example, a large organization with offices across the globe can benefit by having individuals in a Canadian, American, and UK office all being accountable for privacy compliance within their own jurisdiction. Conference calls can help keep everyone updated.

Your Organization’s Privacy Affairs

If your organization’s business models relies on the collection, use, and disclosure of personal information, your organization may need to respond to many time-consuming access requests. If you find that you require more manpower to manage privacy affairs then you may decide to create a team of privacy officers to handle the workload.

2. Consider Hiring Internally or Externally

After deciding how many privacy officers to hire and the amount of time needed to invest into the position (part-time or full-time), your organization can seek for individuals internally or externally.

Hiring Internally

Hiring a privacy officer internally is usually your organization’s best bet. Your organization will save time, money, and have an employee who understands your corporate culture and the inner workings of your organization.

Hiring Externally

Hiring a privacy officer externally is costly and time-consuming, but it also has its benefits. Busier organizations may not have the time or patience to promote someone internally and may lack the resources for proper training.

Hiring externally on recruitment sites and job boards can allow your organization to hire a privacy professional or an individual with extensive legal, privacy, or security experience.

Using Legal Counsel

Your organization can also rely on its own legal counsel to manage its privacy affairs. Using legal counsel can help your organization ensure that it takes a lawful approach, but it can also be very expensive.

Privacy officers in larger organizations usually work together with legal counsel on privacy issues that require a legal opinion. This allows the privacy officer to work alongside a professional and only rely on legal counsel when it is necessary.

3. Consider How to Hire the Right Person

Hiring the perfect person every time is the dream of every human resources recruiter. But hiring the right person is more realistic. When hiring a privacy officer, there are a few important things to consider.


When hiring internally, it is best to hire an individual who has already worked for your organization for a few years and understands its line of business. If hiring externally, try to look for individuals with legal, privacy, or security experience.

A privacy officer must not only understand the complexities of privacy legislation, but may also need to create and review contracts. A background in law or an understanding of basic contract law is a major asset.

Strong Judgement

A privacy officer should have strong judgement skills in order to make decisions that not only affect the company’s privacy affairs, but effectively balance all the organization’s other interests.

Professional Image

A privacy officer will need to work with your customers, employees, and management. Having a professional image will help your privacy officer get work done and get taken seriously.

Good Communication Skills

Your privacy officer’s communication skills are the key to success. A privacy officer will need strong verbal, written, and interpersonal skills to work with customers, employees, management and third parties in the form of public speaking, training, educating, creating policies and procedures, and consulting with key stakeholders.

Do you have any more tips for hiring a privacy officer? Share them below in the comments for all to learn from!

One Comment

  1. Rich Rich November 13, 2020

    Can we outsource the role of a privacy officer to a consulting firm vs hiring a person as an employee?

Leave a Reply