• United States




Skills for a new age – the need for data fluency in the info economy

Aug 26, 20165 mins
CareersData and Information SecurityIT Jobs

Are professionals being equipped with the knowledge needed to fulfill skills in privacy?

At the turn of the 18th to 19th centuries, the academic world was on the cusp of a long period of upheaval. Traditional methods of instruction – tutoring students in Latin, Greek, theology, and rhetoric – had been in place since the Italian Renaissance. The great force of the Industrial Revolution was upending the needs of society and, as a result, academia was destined for seismic changes in the content, quality, accessibility and delivery of education.

The rise of industry demanded professionals with new skills. Archaic languages gave way to the sciences and engineering. Rhetoric and theology remained, but the canon of higher education broadened to encompass the needs of the emerging economy. Even with these changes, it would take a further century to see the launch of the Harvard Business School in 1908.

As we look back on the first 25 years of the information revolution, I wonder if we have enough distance to see the changes that are being demanded by the marketplace today? Do we know the skills needed for this new age? Are our schools building the professionals that will power the next century of innovation?

With regards to privacy and information security, I think the answer is unsatisfying. Not yet. We are beginning to understand what is needed, but we do not yet have the ability to produce at scale the number of professionals needed to handle data in the information economy.

Let’s start with the numbers.

The deficits in cybersecurity professionals are well known. Last year, a report suggested that 209,000 infosec jobs were unfilled in the US.

The numbers for privacy pros are lower, but reflect a similar deficit. Earlier this year, the IAPP estimated that new privacy regulations in Europe would create a need for 28,000 data protection officers in the next two years. The IAPP currently has just over 3,000 members in Europe, leaving quite a gap. Further, the introduction of A-130 by the US federal government requires a senior agency official for privacy (SAOP) – resulting in a need for up to 500 privacy leaders in the US government alone.

Clearly, there are tens of thousands of new professionals in the fields of privacy and cybersecurity that will be needed in the coming years. Which raises a follow-up question: are our educational systems ready to produce these professionals?

Within the field of privacy, it is very clear that the profession is not emerging from a single discipline. IAPP research has shown that 40 percent of privacy pros have legal degrees, but large percentages within the profession have technical or business degrees. It appears that the field of privacy is a hybrid profession – made up of skills that span a number of disciplines, such as law and policy, computer science and IT, business and marketing, ethics and even philosophy.

A similar reality is emerging in the field of information security. Cyber professionals are being asked to master more than technology – they must understand the laws and policy that guide info security, along with the strategic imperatives and risk management techniques that guide their organizations. Like privacy pros, information security professionals are finding that the path to advancement is a broad fluency across disciplines.

John Maeda, a leading voice in tech and design, reflected on the rise of hybrid professionals in an interview last year:

“In a world where so many norms and ‘truths’ are shifting out of focus at the same time, it is the people who live across many worlds who become advantaged because they see the world through multiple lenses. If one doesn’t work, they can try the other they have. And the other. And so forth. The jack-of-all-trades was often derided as ‘the master of none.’ But now the master of a discipline is rendered less powerful because his or her discipline is now evaporating.”

There is an important truth in Maeda’s quote. Just as the Industrial Revolution made the educational system of the 1880s obsolete, the information revolution is rendering the mastery of a single discipline a liability, not a strength. Professionals in the information economy – including privacy and information security pros – need to have fluency across domains. The ability to speak the languages of law, risk, business, and IT are all needed to succeed in the information economy.

We have seen these shifts before. Factory laborers could not solve industrial revolution problems with agrarian tools. So too privacy and infosec professionals cannot address digital age challenges with an analog education and training.

So where to start?

For most privacy pros, the obvious step is to build skills in the fields of IT, infosec and business. Understanding these domains will invariably improve the management of privacy within an organization. The same is true for information security professionals. Grappling with the complexity of privacy law and policy will only help advance a career in a market that values fluency across domains.

Learning a new language – building fluency across domains – is not easy. But it is indeed what the market is demanding.

At least we don’t have to learn Latin anymore.


As President and CEO of the International Association of Privacy Professionals (IAPP), J. Trevor Hughes leads the world’s largest association of privacy professionals, which promotes, defines and supports the privacy profession globally.

Trevor is widely recognized as a leading privacy expert, appearing at SXSW, RSA and other privacy and technology events. He has contributed to media outlets such as the New York Times, TechCrunch and WIRED and has provided testimony on issues of privacy, surveillance and privacy-sensitive technologies before the U.S. Congress, the U.S. Federal Trade Commission, British Parliament and more.

Trevor previously served as the executive director of the Network Advertising Initiative and the Email Sender and Provider Coalition. He received his undergraduate degree from the University of Massachusetts, Amherst and his Juris Doctor from the University of Maine School of Law, where he is also an adjunct professor and member of the Law Foundation Board.

The opinions expressed in this blog are those of J. Trevor Hughes and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.