Today the role of the privacy officer covers everything within a company that creates data, everything that touches data, everything that analyzes data. You'll look at it from multiple perspectives. From a consumer perspective, if I were the CPO of a social media platform, my job would be to make sure that the data that's being entrusted to us by that individual is protected, or that we follow the promises we gave the consumer when they entrusted us with that data, such as “we're using your data to market to you.” Hopefully, you have won their trust, they're going to interact with your platform, and you'll do good things with that data. If you don't, then you'll be like Facebook and Cambridge Analytica who definitely broke the trust of consumers. Cambridge Analytica should never have received personal information from Facebook but they did and they exploited it. So that's two problems right there—breaking the trust of the consumer by not keeping their information private, and not monitoring companies you partner with.

Being an advocate, a protector, and consumer are the chief roles of the privacy officer, but there are internal data you'll have to manage as well, like HR information. People in HR have access to highly personal information about, for example, me as an employee. They know how much I get paid, what my benefits are, what family members have access to my health care plan. They know my employee evaluations and if I wasn't a ...