Chief Privacy Officer: Your Company’s General Counsel Might Need One
Photo by Mimi Thian on Unsplash
A Chief Privacy Officer or “CPO” works in all aspects of an organization. This can include product, e-commerce, analytics, engineering, business development, human resources, customer care, public relations, advertising, and more. A Chief Privacy Officer encounters issues that come from every part of the business.
CPO Magazine explains that part of their mandate is to work collaboratively to “change hearts and minds” both horizontally and vertically in an organization. That’s according to Kirsten Daru, General Counsel of Tile, who made this transition after 10 years at Electronic Arts, ending up with the position of Chief Privacy Officer.
Daru says that the visibility level of a Chief Privacy Officer gives the role a unique role. The Chief Privacy Officer enjoys an intimate level of credibility and visibility within a company.

In contrast to some of their commercial counsel colleagues, these Chief Privacy Officer types become involved in virtually every transaction. Because of this, a Chief Privacy Officer’s legal knowledge must be both deep and broad, and can include almost anything. This can mean a workload in the many areas of contracting. These areas include negotiation, licensing, compliance, corporate law and regulatory reporting. They also include employment, advertising, mergers and acquisitions, government affairs and litigation.
Chief Privacy Officer with Law Degrees Often Promoted to General Counsel
This combination of broad access to the business and understanding of the laws and regulations gives this person great depth, breadth, and visibility throughout the company that’s unmatched by others in the general counsel’s office. As a result, a CPO who’s also an attorney is positioned for promotion into a general counsel role. That’s because of the fact that the future belongs to those who can analyze and digest information and data. And because data privacy is hitting the top of consumer consciousness, and as the U.S. moves toward a possible federal data privacy law, many CPOs are being tapped for the ultimate legal hot seat—the general counsel position.
Chief Privacy Officers and General Counsel Team to Provide Solutions for the Company
CPOs and GCs both move “holistically” through the business as creative thinkers who find solutions. Plus, they have the same three goals:
- Achieve business objectives;
- Minimize risk; and
- Exceed employee and customer expectations.
It’s these objectives that fuel the analytical process and decisions for both the GC and Chief Privacy Officer role.
“Whether data mapping or configuring an analytics system… working on a commercial deal, or giving product advice, you have to think of those three things,” Daru told CPO Magazine.
Getting privacy correct achieves that end but also drives the company forward. As such, a strategic Chief Privacy Officer is thinking like a General Counsel long before he or she is takes on that role.
Another major way in which the two roles think similarly concerns culture and business perception in the marketplace. While it’s a given that privacy is a compliance matter, it’s also a culture issue. Viewing privacy as a culture issue is a basic way to show clients that a company cares. Moreover, it’s been found to be increasingly a competitive differentiator. Both roles must consider how the industry addresses similar issues and consider deeply not just what the company can do legally but what it should do.
The difference in how a Chief Privacy Officer and General Counsel think and approach business obstacles and public perception isn’t one of scope but one of scale.
While the ever-heightened visibility of data privacy in the cultural landscape will surely drive more Chief Privacy Officers into the General Counsel’s office, there are some universal considerations a Chief Privacy Officer who wants to head a corporate legal program should know.
A Chief Privacy Officer Should Develop a Broader Practice
An attorney in the position of general counsel is traditionally a generalist. That’s because he or she must have a handle on all legal and risk issues. But for Chief Privacy Officers would want to move into a General Counsel role, it’s good to develop a broader practice.
One way to do this is to take on projects and network internally and externally. Note that policy and operational projects are the assignments that give a person the most cross-functional experience. Privacy professionals should take advantage of this exposure to build a reputation in the organization as an individual who moves the ball forward, instilling trust within the business.
Takeaway
Privacy continues to grow and gaining value and visibility in both the corporate world.
A Chief Privacy Officer should use the position to aspire to the General Counsel’s office by leveraging the significant overlap in both exposure to the business and like-minded creative thinking.