Heightened Demand for Data Protection expertise

Well, this was going to happen at some point in time in the world - with the explosion of data protection and privacy, the privacy profession is seeing huge growth across the globe. According to AXIOS in its 1 November report, there is a global shortage of Data Protection professionals. And similar is happening in Singapore.

Some of the key observations by global industry observers are:

1. The new disrupters in the Sharing Economy e.g. Uber and Facebook are just learning painfully the importance of data protection.
2. The global gold standard to be certified Data Protection Officer (DPO) is by the IAPP.
3. With the reactionary demand, the market is facing an acute shortage of DPOs, despite more than 20,000 people globally who have passed the IAPP's certification exams.
4. On LinkedIn, the number of job postings with the title “chief privacy officer,”/“privacy officer”/“data protection officer” increased 77% from 2016-2019.
5. On the consumer side: One in three Americans have been exposed to a data compromise, and 47% feel they have "little to no control of their personal data".
6. The US Federal Trade Commission has been instructing companies to hire chief privacy officers, and law schools are responding by introducing privacy as a course of study.
7. In the US market, useful background of DPO tend to:

• be “helpful” to have a legal background,
• have an understanding of computer architecture (to know where myriad consumer databases could be housed), and
• lean towards professionals with liberal arts sensibility — to understand business/social ethics and why privacy matters so much to consumers.

With the California Consumer Privacy Act (CCPA), coming on in January 2020, the shortage will be even more acute. However, the US market seems to be leaning towards the legal (re-active to regulatory initiatives) rather than operational. Perhaps this is because law studies is a graduate-degree (i.e. they have a first bachelor degree in other areas).

In the Singapore context, we see the need to focus on operational aspects, while acknowledging that there is also a need for legal input and knowledge.

Data Protection in Singapore

In a parallel trend, the DPEX (Data Protection Excellence) Centre forecasted an increase in demand for Data Protection professionals in Singapore. In the second quarter of 2019, the number of vacant positions for data protection professionals increased by 32% year-on-year, bucking the trend against the contraction of the overall job market.

Data protection positions even exceeded available job positions in cyber-security by up to three times amidst highly publicised breaches and enforcements in Singapore. The increased demand was driven mainly by the government, which accounted for 34% of the overall job vacancies advertised.

This was followed by sectors in health, information technology and financial services which combined, accounted for four in 10 of the available job positions.

Guided by a framework and advisories, the PDPC, Singapore is focusing on pre-emptive safeguards and risk management accountability of the organisation (data-controller) which makes sense if organisations want to be proactive in gaining trust and confidence. This is set to further boost the demand for data protection professionals in Singapore.

Strengthening data protection knowledge in the ASEAN region

As can be seen with the job trends in Singapore, data protection officers are in hot demand and this demand is going to be further heightened, not only because ASEAN nations are kicking in their data protection laws but also because the ASEAN Framework on Digital Data Governance will soon come into play. For example, Thailand passed their data protection laws earlier in mid-2019 and Indonesia is following suit.

To help with knowledge building as well as to provide a resource centre for data protection officers (or anyone interested in data protection), the DPEX Centre was set up to help data protection professionals. Partners of the Centre include institutions of higher learning such as SMU Academy, Singapore, De La Salle University in the Philippines and the International Islamic University of Malaysia (IIUM) who provide practical courses for knowledge enhancement. The Centre is also in talks with other universities in the region to extend data protection knowledge in-country.

It’s certainly the right time to check out the courses available on the DPEX Centre website – foundation as well as international certification programmes are available, so get yourself prepared!

Article contributed by by Kevin Shepherdson (FIP, CIPM, CIPT,  CIPP/A, CIPP/E, GRCP) ,    Leong Wai Chong  (GRCP)  .