Earlier today I had the opportunity to watch the highly useful IAPP webinar entitled What Works: Benchmarking and Improving your Privacy Program. I was particularly intrigued by the comments directed at improving / re – engineering a privacy office. The presenters emphasized the constant evolution of privacy regimes on a global scale, and that today adaptability and flexibility are key for people and structures (such as a privacy office).
That got me thinking about a large part of my career to date – the establishment and re – engineering of research offices at American universities. By “research” I mean the administration of grants, contracts, and other legal instruments that support faculty research. International grants and contracts are a large component in this area. For instance, the NIH (National Institutes of Health) in Washington, D.C., funds research undertaken by European scientists. That global dimension will only continue to increase in a post – pandemic world, although it appears that a robust European posture towards research is in question as I write this.
My own involvement with the establishment and re – engineering of research offices began at Northwestern University in Evanston, Illinois. We had a major challenge at NU as we were re – engineering operations while maintaining the administration of $165M USD in research funding. Subsequent to that, I established two research offices at smaller universities and then established a contracts / industrial agreements office at a larger university in Texas. While at the latter institution I oversaw two additional re – organizations that built upon the original office.
Those universities provided me with a lifetime of unique and challenging experiences. So, here are my thoughts and observations on best practices for building and re – engineering offices, along with specific comments to the privacy office context:
- Every university research office was designed to be public facing, client (faculty) – oriented, and collegial with other university offices. It was critical that the research office work effectively with other university offices. What is the parallel situation in privacy? A privacy office that works collaboratively with a security office (or any other office, for that matter).
- No research office was meant to operate as an “island” or a “silo.” A privacy office should not be its own island or silo within a company or other organization.
- One particular aspect of these offices was that they were designed for staff to “get out” into the greater community of the university – and beyond. It seems to me that privacy office personnel serve in a similar capacity within in their environment.
- When re – engineering an office, particular attention must be paid to client satisfaction and “upping your game.” What does your office do well in Version 1.0, and what do you want to do well in Version 2.0? What pressure points need to be eliminated?
- Professional development opportunities for staff must be plentiful. I see this as a common thread between the privacy and research worlds. When you think about it, both areas are intellectually vibrant and subject to rapid change. While it is important to stay abreast of such change, getting ahead of said change is more preferable.
- How are you going to measure office success? What are the metrics or KPIs? In the realm of research contracting, for instance, one such measure is the length of time to get a contract negotiated and signed. In privacy, one such metric is the length of time it takes to respond to DSARs.
- Lastly, the human / interpersonal dimension of an office is just as important as the technical / legally satisfying dimension. Not only must the office be enjoyable for the staff to work in, but it must be viewed – and in reality – as an enjoyable partner within the environment(s) within which it operates. Research management and privacy management are truly Art + Science.
Research offices and privacy offices have more in common than probably many people would have thought. Both operate in a rapidly changing global environment and are intellectually vibrant. It will be quite interesting to see how these offices function and change over the next few years.