Over his 20 years of leading the largest association for privacy professionals, J. Trevor Hughes (Pictured Left, Courtesy of IAPP) has watched as privacy officers went from a novel position in large companies to one of the most in demand, as businesses face increased cyberattacks and data breaches.
Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) based in Portsmouth, was a privacy attorney at a tech company in Andover, Mass., and among the earliest privacy leaders in the country, before being tapped to lead the association.
At the time, IAPP did not have a headquarters but had a volunteer board leading it. “We had 300 members back then,” Hughes says. As data-privacy risk has risen over the past quarter century, so too has demand for privacy professionals who can protect it and keep up with the ever-evolving laws surrounding data protection.
Today the IAPP is the largest nonprofit privacy association in the world with 75,000 members in 150 countries and 240 employees offering training, resources and certification for privacy professionals. In 2021, the IAPP ran more than 1,000 virtual programs for members. “Our subject matter expertise is a massive differentiator for us,” he says.
Privacy professionals began to emerge in the 1990s with the explosion of data being collected and used by companies and really kicked off when, Hughes says, IBM named Harriet Pearson in 1999 as vice president, security counsel and chief privacy officer. At IBM, Pearson was responsible for information policy and practices affecting more than 400,000 employees and thousands of clients.
Today, she is a leading expert in cybersecurity and helped pioneer privacy professionals. “There were very few privacy professionals back then,” Hughes says, with activity mainly geared to posting privacy statements on a website.
The IAPP also helps members stay on top of privacy laws being passed with increasing regularity across the country and globally since California passed the first data breach notification law in 2003 as well as extensive data protection regulations passed in Europe.
These regulations mean companies can pay a hefty price for data breaches and for mishandling data as evidenced by Facebook’s milestone $5 billion settlement with the FTC for privacy violations in 2019.
“Privacy professionals can be overwhelmed with new laws and the risks they deal with every day,” Hughes says, explaining the emergence of cellphones, social media, autonomous automobiles, RFID chips, facial recognition and artificial intelligence disrupt standards and norms in place for privacy. “We have to figure out the ethical norms and navigate the laws that respond to these new challenges.”
Debate still rages, Hughes says, over comprehensive national legislation. “That will be a massive catalyst for growth and change,” Hughes says, adding the U.S. is among the outliers of major industrial nations with its lack of a national policy.
Such a law passing would mean an explosion in demand for privacy professionals in the U.S. and that will mean significant growth for the IAPP, Hughes says. “We will train and upskill those people,” he says. “We project in the next five to 10 years globally, 1.5 [million] to 2.5 million privacy professionals will be needed.”
The IAPP’s membership grew significantly during the pandemic and shows little signs of slowing, Hughes says. “We’re good at what we do and know what we do provides the basis for the future. We have to prepare for scale,” he says, adding the IAPP has been investing in IT, staff and marketing to prepare for the coming demand. For more information, visit IAPP.org.