Microsoft Corporate Vice President and Deputy General Counsel for Global Privacy and Regulatory Affairs Julie Brill speaks during a roundtable discussion on cyber safety and technology at the White House March 20, 2018 in Washington, DC. (Photo by Chip Somodevilla/Getty Images)
Although the COVID-19 pandemic shrunk many corporate payrolls in 2020, privacy professional incomes have continued to trend upwards over the last two years, according to a new report released in June. If anything, new challenges poised by the pandemic’s affect on working environments only made privacy experts more valuable.
But there is still room for improvement on several fronts. In particular, a gender gap continues to persist when it comes to pay equality.
The 2021 Privacy Professionals Salary Survey report, from the International Association of Privacy Professionals (IAPP), notes that the average salary for a privacy pro in 2021 is $140,529 – an increase of more than $6,000 since the last time the biennial report was issued in 2019. The median salary, meanwhile, is $126,000, a $2,950 improvement over two years ago.
“In difficult times, this is a positive signal about the growth of wages of privacy pros working today,” states the report. “The fact that privacy salaries have also grown steadily over time, up $15,000 since 2015, also shows the continued demand for the work of privacy pros and the resiliency of the broader industry.”
Report author Müge Fazlioglu, senior Westin research fellow with the IAPP, told SC Media that she wouldn’t exactly call the privacy industry “recession proof,” but “I think it has remained strong” due to a combination of short-, medium- and long-term factors that are likely responsible for salaries continuing to climb.
In the shorter term, especially during the pandemic, “there have been a host of issues that have come up on… the business-side – such as collecting health information, remote working, monitoring employees, etc. – [and as] broader societal issues – like contact tracing, vaccine passports, and so on – that require input from privacy professionals,” Fazlioglu said in an interview.
“Consider the health information now being collected, [and] what companies don’t know or misunderstand about health data and vendor management, along with the millions of remote offices that were deployed near-instantaneously,” said K Royal, associate general counsel at TrustArc. “This led not only to the need in companies to understand their risk landscape, but to more laws being passed or guidance being issued. Data continues to grow at an unimaginable rate, and the world needs experts who understand the laws, the data, the growth, the commerce, and the companies and can speak with expertise on all of it.”
Meanwhile, major privacy breaches and impactful privacy violations taking place over the last few years – Fazlioglu cited the Cambridge Analytica case as a prime example – have made a public case for having a strong and responsible privacy expertise on your team.
“In this vein, privacy also has risen on the legislative agenda across all levels of government,” said Fazlioglu, “and we have seen sustained attention by Congress deliberating dozens of comprehensive federal data privacy bills in recent years. And so this also has an effect.”
Finally, over the long term, “we are generating more and more data through new technologies, and so new problems are arising every day,” Fazlioglu continued. “These are… trends (digitization, etc.) that I don’t think have run their course yet, and they are creating more attention to and work for privacy professionals.”
Despite the pandemic cutting into staffing and payroll budgets, 63% of surveyed privacy professionals said they received a raise in the last year. However, that’s actually 10 percentage points fewer than in 2019. Privacy pros working at large organizations with more than 75,000 employees were more likely to have received a raise in the last year (67%) than those at smaller businesses with only 100 to 999 employees (55%). Only 7% were forced to accept a pay cut.
Instead of raises, some employers may have opted to reward their employees with other forms of compensation, including bonuses and stock equity. Indeed, the percent of privacy pros who received additional compensation rose from 72% in 2019 to 75% in 2021. The average compensation amount also increased by more than $1,400 in that time.
“This data regarding additional compensation may be indicative of broader trends in how organizations are responding to the mid- to long-term uncertainty that persists around COVID-19,” the report stated. “The fact that fewer organizations are offering raises, combined with the fact that more are offering bonuses compared to two years ago, suggests employers are seeking to incentivize and retain their workers while at the same time making efforts to keep payroll costs under control.”
One way or another, however, it appears companies realize that privacy too big of a need to skimp on payroll. “Undervaluing expertise and experience is detrimental,” said Royal. “Currently, near-post-pandemic, people are jumping jobs – it’s making headlines. You may have the opportunity to pick up someone experienced, but you also run the risk of losing the one you may have in pocket. [So] make sure you value that role and show that appreciation tangibly.”
The IAPP also noted that the average salary of male privacy pros was about 9% higher globally and 14% higher in the U.S.
“I think the trend towards male-dominated percentages as well as higher salaries for men speak to the complexities that come with the significant increase in privacy laws – and many companies are now asking for a law degree in the preferred skills,” said Royal. “Law is a male-dominated field. Thus, with the increase on that front, unfortunately, I see it is a natural progression, given the historical challenges women have for equity in the legal field. A law degree is not required to be a skilled privacy officer, but of course, one is required for privacy counsel, and we have seen a significant rise in jobs for privacy counsel.
According to Fazlioglu, the pandemic also contributed to the inequity.
“Unsurprisingly, COVID-19 put an extra strain on women, but also women of color in particular,” she said. “We know that women, across all fields of work, experienced a disproportionate share of the negative economic effects of COVID – like having to take a pay cut or face child-care concerns. Because of this, gender pay equality may stall or backslide, even though we’ve made progress in past years. There is a lot of work cut out for us on this issue across all industries, not specific to privacy.”
There is also a measurable average salary gap between privacy workers at companies in large urban areas ($146,700) and those working in small urban and suburban locations ($127,000 to $129,000). “As urban neighborhoods saw unfavorable migration flows during 2020 due to the urban exodus spurred by the pandemic, and as businesses responded by seeking to localize their pay, it will be interesting to see how the urban/rural divide in salary evolves in the future,” the report states.
COVID-19 also dramatically changed the day-to-day routines of the privacy workforce. Case in point: 90% of surveyed respondents said that as of March 2021 they were still working from home. Moreover, 36% said they believe this arrangement will be the new normal moving forward, while 50 percent expect a hybrid of office and home-based work.