“What started to grow was the notion of a privacy officer or privacy manager as someone who could run a program that could pull together the technical and the legal piece, and I think everyone in the profession at the time thought that was a really good thing,” Kosa said. “But as the discipline grew, as the domain evolved, a lot more people got interested in it, but a lot of those people got interested not for the same reasons the people who grew the field were interested in it.”
In other words, it turned into a compliance-based exercise.
That shift didn’t sit well with her. What irked her was her sense that the field was losing its strong base of privacy advocates, replaced by professionals who were saying to companies, “I can knock out a privacy impact assessment for you for $50,000, no problem.”