Adapting the Privacy Profession to Changing Times

As spring comes into full bloom, the changing of the seasons offers an opportunity for privacy teams to start thinking about how they can be more effective in their workplaces. Privacy work needs to evolve in a couple of important ways, and the value of that work for the organization may have its highest manifestation as a strategic partner helping the organization itself re-invent its work.

One path is through alliance. It is true that many new issues are coming up that, to some organizations, may seem to be a higher priority than privacy. These issues of course include AI but also youth online safety, age assurance, and cybersecurity. There is a growing basket of privacy and compliance issues: governance risk and compliance, data protection, trust and safety, content moderation, AI governance, cybersecurity, and in advertising, debates around the appropriate role of generative AI in creating ads. We might previously have thought of these issues as “privacy adjacent” but increasingly we can think of them as “data governance gateways.” The organization prioritizes these issues because they must, and yet each one is a gateway back to privacy concerns. Leading with these other issues can create a path back to the key data governance issue on the agenda of the privacy team.

Managing these data governance gateways means building alliances with the other people at the organization integral to concerns. Some privacy teams have felt stretched as their work on  AI privacy and governance has grown, but these issues can be reframed as a gift to the privacy team because it is something that the organization deems important and a high priority. Leading on governance in a strategically critical area allows privacy teams to get the attention of the C-Suite and other key stakeholders and make the case for why resources are needed to fulfill it.  The organization probably already is prioritizing cybersecurity, so a good relationship with the CISO team is vitally important: it may have budget resources that the privacy team does not. These other issues and teams offer the potential for networks of alliances.  On an organization chart, these developments might look like a diminution of privacy team influence.  But real influence is shaped by productive interactions, effective communication of a clear message, and the finesse and persistence entailed in effective leadership across different teams of stakeholders. The skill and mindset for privacy executives of leading across teams has never been more important.

It’s also possible for privacy teams to continue to evolve. In their early stages, the privacy team was the “Lonely Voice,” an appendage to the legal department or the marketing team that tried desperately to get attention to its issues but was often a low priority voice. We certainly hope that no privacy teams are still stuck there. Many of them advanced to a higher evolution, establishing effective partnerships in the organization with other key stakeholders, including marketing teams, sales teams, product teams, and privacy engineers. Successful teams positioned themselves to be the “Pathfinder”  helping guide the organization through the minefield of increasing regulation and law and enabling the organization to execute its goals.  

Over the past few years, we have started seeing the next evolution of the privacy team’s role, initially to a broader data governance role and now to a position more readily perceived as a strategic partner, helping the organization compete in the age of AI. More than ever legal regulatory and enforcement trends demand consideration of data stewardship, accuracy, bias, transparency, and safety in the business planning and strategy processes. Cybersecurity, always a major risk, is deeply stressed by the new threats enabled by AI. Beyond regulatory and enforcement trends, AI is reshaping how every business plans and operates and data protection and governance issues are increasingly strategic, if AI enablement is to advance.

The alliances across various compliance or data governance gateway stakeholders that the privacy executive builds now become of strategic importance not just for the privacy team but for the organization itself.  It’s helpful to think of “data governance” not just as the small basket of privacy issues but as a larger basket of “data governance gateway” or “privacy adjacent” issues for which there is a cohort of allies  – a “compliance alliance” – with significant influence across the organization.  This new compliance cohort now must be the strategic partner helping the organization succeed. These executives, whether Chief Privacy Officer, Data Governance Leader, Responsible AI executive or other, are well positioned to lead this effort as they work across teams and silos. 

Consider cybersecurity, where substantial investment is required in core technology and resources, but equally important are cultural changes that need to be made to reduce risk from avoidable human mistakes made by employees. Focusing on cultural change with deeper business awareness across all teams, not just the cybersecurity team, will ultimately help the organization protect itself.  The cybersecurity team benefits from this compliance alliance.

In advertising and ad tech, AI drives a substantial strategic imperative for companies to think about how to incorporate AI into their offerings. The challenge of offering opt outs from targeting, sharing, selling, across many state regimes is trending toward more comprehensive, perhaps browser-based approaches that likely will increase opt out rates. Some companies may benefit from reducing their emphasis on ID-based targeting and shift resources toward a strategic approach that includes building audiences using AI and more multichannel pathways to finding people to buy products. Digital advertising still has a future, but so do many other forms of marketing. Advertisers not thinking more holistically about the various ways that they could connect to consumers are going to miss out. Publishers can be thinking more clearly about adopting AI and being able to interact with the likely growth in standardized agentic AI. Advertisers need to get their arms around generative AI that creates the ads at a far greater speed but needs to also deepen connection to actual humans, because many consumers may respond better to more meaningful human connection. Publishers and advertisers have a strategic interest in finding more creative ways of connecting to actual consumers in a way that actually matters for those consumers, rather than responding to the various measurement techniques that might be counting clicks or traffic or eyeballs without really focusing on what’s actually moving products.  Given the dependence on new uses of data, continual engagement with data governance teams on these issues is paramount. 

New laws that promise protections to people who are under 18 (beyond COPPA’s 12 and under consent requirement) are an increasingly urgent area of focus for companies. These laws are generating serious strategic conversations about whether under-eighteens should be part of their business at all, and if so, how they can provide age-appropriate experiences for that cohort. Privacy leaders, as part of the larger “compliance alliance,” are well positioned to tee up that discussion.

In what parts or regions of the world will the organization compete, given the diversity and changing nature of digital rules outside the United States? Companies might well think about what other regions they operate in, balancing that with the various state laws in the United States, and reflect on how to plan and design systems to efficiently address regulatory and enforcement trends. We have probably passed the point where ad hoc adaptation suffices.  Once again, the privacy team brings strategic value.

For the privacy team that is facing expanded work with limited resources, there is opportunity to build alliances and to reframe this work in a way that is more germane and central to the organization’s mission. Becoming a genuine strategic partner that helps the business rethink how it profits in the face of new regulations and new technologies builds the case of expanded resources. 

Unquestionably, this approach raises the degree of difficulty and level of effort for privacy teams and data governance executives. A strategic executive needs to develop the skills of connection, leadership without authority, and leading across teams. Performing at this level requires highly effective communication – and what makes communication most effective is persistent and consistent messaging. It will require advancing pragmatic solutions focused more on cost and revenue opportunity and much less on risk and fear. It will require motivating privacy teams that may feel demotivated with clarity, purpose, and in-the-trenches support so that they know someone is looking out for them.

One note of caution: A commitment to collaboration and saying, “Yes, and . . . “ to business initiatives cannot mean that privacy teams or the “compliance alliance” never say no. They obviously can’t be perceived as a blocker by default, but they have to earn trust to effectively encourage responsible design decisions that consumers and other business partners trust.  This is a key part of the partnership: Honest guidance that builds a successful business, not enablement that ignores the fact that success is not when the ship sails, but when it arrives safely in port, having delivered the goods.

Dwight Eisenhower is credited with saying that if a problem seems unsolvable, make it bigger. What this gets at is that often we try to solve problems by breaking them into smaller pieces, but sometimes the solution is found by reframing, up-leveling, and finding new pathways into the problem.  That is going to be the pathway for privacy teams to show their value to organizations now: They’ve got to make the compliance problem – and the business opportunity – bigger. Making the business challenge bigger makes it more relevant and facilitates development of alliances with influential stakeholders in the organization. It also elevates privacy professionals as strategic partners at a moment in which the business has little choice but to rethink how it grows in a time of rapid change. It is seizing a propitious moment. It is embracing the uncertainty of moving forward with the promise of success and growth rather than being diminished.  It embraces hope, not fear.  It centers the idea that technology is part of how the organization will progress and yet it still preserves the fundamental truth that it will be humans working together, communicating effectively, and uniting around a common purpose of helping the organization succeed that will make privacy teams continue to be relevant in 2026 and beyond.

FPF has launched a project which I lead to help senior privacy and data governance executives more effectively frame their value to senior management and boards. While full participation is limited to our members, please reach out with any useful ideas. If you would benefit from participating and want to learn more about FPF membership, contact [email protected].