The demand for privacy professionals is soaring, but hiring an expert in this field is proving to be a significant challenge. According to ISACA’s State of Privacy 2025 survey, 73% of organizations indicate that “expert-level” privacy professionals are the most difficult to hire. The results reflect the insights of more than 1,600 privacy professionals worldwide. The reasons behind this shortage are complex, spanning unrealistic job expectations, budget constraints, and the evolving nature of privacy itself.
What do privacy professionals do?
Responsibilities vary widely depending on the organization’s structure and industry, making hiring difficult due to the diversity of roles within the privacy field. Safia Kazi, ISACA principal, privacy professionals practices, explains how some privacy professionals are legal and compliance-focused, such as ensuring whether an organization is adhering to regulations like GDPR, conducting privacy impact assessments, developing privacy policies, and advising on what data can and cannot be collected, used, or shared. Others, she says, can take on more technical roles, working in data science, where they assess which data qualifies as personal information, build privacy-enhancing technologies, or design systems that minimise data collection.
There are also privacy professionals who can be embedded in software development teams, Kazi says, pointing to how they could be responsible for integrating privacy by design principles into products and systems from the ground up. Privacy expertise is increasingly expected in user experience and user interface design, where professionals ensure that privacy choices are clear and free from deceptive patterns. “For the most part, people fall into one or potentially both technical or legal and compliance privacy,” she says.
