Key Attributes of Effective Privacy Officers: Patience, Teaching Ability, Flexibility

According to five chief privacy officers (CPOs), their peers need to learn patience, particularly as they attempt to educate their workforces about the need for privacy diligence in a world where it seems like everything is posted online publicly. [1]

Speaking recently at the 2023 National HIPAA Summit, they also stressed that the ability to talk about privacy to the entire workforce—from the lowest to highest levels—marks the most effective CPOs.

“The three things in my toolbox [are]: teach, tell and influence,” explained Faith Myers, CPO and vice president for global privacy at McKesson. “You’ve got to be able to be a really good educator of both your C-suite level, your board members, your leaders, as well as your front-line workers.”

It’s key to explain the gray areas in privacy, Myers said, and to point to the right thing to do, along with how it blends into the company’s culture. “But there’s some black and white in privacy as well,” she said. “And sometimes you just have to say yes or no, this is what you can do, and this is what you can’t do, and this is what the law says.”

Speaking to all levels of the organization, from the front-line staff to board members, also takes a special skill set, chimed in Steven Sugrue, chief compliance officer at DocGo. “The message has to be calibrated and discussed in a way so that all levels can understand it,” he said.

“I wear the privacy hat, I wear the compliance hat, and I wear the security hat, and I have a bunch of certifications,” said Greg Ewing, senior vice president for compliance, privacy, technology and regulatory affairs at Trillium Health, Inc. “What do we do on a day-to-day basis? We put out fires.”

“A successful CPO will be collaborative, flexible and patient, but still capable of saying ‘no’ when necessary,” added Iliana Peters, shareholder at the law firm Polsinelli and former acting deputy director for health information privacy at the HHS Office for Civil Rights.

This document is only available to subscribers. Please log in or purchase access.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field