Privacy in Organizational Context
Just as with trust and safety as a whole, privacy can be organized in multiple sectors of an organization, ultimately reporting to legal (the most likely organizational arrangement), operations, engineering, product, or even sometimes marketing leadership. As an organization scales, it may house privacy professionals across all major divisions of the company, with discrete privacy specialists serving the needs of specific efforts taking place concurrently across the organization.
Because privacy as an industry area predates the trust and safety industry’s formation, privacy teams will often be situated in a way that is more distant from content moderation policy and operations. This is also because the privacy industry is characterized by a broader suite of laws and regulations that define privacy-related work, including for PII that is collected through non-digital methods.
As a result, the entirety of a privacy function may have a strong central core, or may be fully distributed across the organization. This can introduce many concurrent privacy initiatives that may or may coordinate in day-to-day work. Due to a strong set of privacy laws and regulations across the world, privacy teams continue to operate around a common core of practices and understanding that defines the work.
Career Areas
Privacy Operations
Generally, one of the earliest privacy roles to exist is privacy operations, which focus on operationalizing and scaling privacy-related requests and investigations. This may include processing requests related to GDPR, and general requests to take down private information. These roles often involve developing competencies in database management, with technical competencies in data labeling practices, writing scripts in coding languages such as Python and Java, and learning how to navigate and retrieve data from databases through protocols such as SQL.
Privacy Program Management
Managing processes related to privacy-related inquiries from privacy teams across legal, engineering and product, operations, and other areas. Program managers generally facilitate cross-team collaboration and privacy-related approval processes. In many contexts, this includes facilitating a privacy-focused analysis of a product launch or feature update, and providing approvals before a product launches.
Compliance and Risk Management
Compliance and risk management professionals focus on driving audits and assessing whether organizations are in compliance with privacy standards in their products and data management practices. They may be seated throughout the organization, sometimes in dedicated teams, and at other times even embedded within trust and safety teams. They monitor privacy processes, recommend and implement safeguards, and even exercise skill sets in data analysis to carry out their work.
Privacy Product and Engineering
Almost every product an organization builds will have profound privacy implications prompting not only privacy review and approvals, but also specialized product managers and engineers with privacy-specific expertise. Typically product work in this area may involve building infrastructure related to data management and retention, and also careful consideration of how data will be managed in relation to every new product release.
Privacy Policy
Focused on designing internal and product/content-focused data rights and governance policies. This work may entail creating privacy policies, informing content policy development, and guiding product teams as they navigate the product creation and launch process. Typically, privacy policy practitioners will be the first line of defense for identifying all potential privacy risks and mitigations, and closely correspond with program management and legal teams to ensure proper guidance is being given to product teams as they launch and update new products and features.
Privacy Public Policy
Privacy-focused policymakers may be partially or exclusively in charge of public policy functions, which usually involve engagements with civil society organizations focused on data and human rights, regulatory bodies worldwide, law enforcement with jurisdictions at local, national, and international levels, and other government agencies. They may be in charge of presenting policy and product updates to these external constituents to seek commentary and approval, and they also facilitate incoming inquiries that stem beyond the typical remit of privacy operations teams.
Privacy Law
The practice of privacy law in the industry context is the foundation on which the privacy industry is based. Typically, privacy law practitioners guide the company at a broad level on all matters of regulatory compliance. This can include setting foundational policies housed in Terms of Service and privacy policies, handling escalations related to product development or data breaches, and coordinating with the organization to respond to public inquiries related to privacy concerns.
