The Privacy Professional's Influence Starter Kit

No one hands privacy professionals a roadmap for building business influence, but the research and frameworks exist. This starter kit offers curated resources on negotiation, persuasion, and coalition-building -- the skills that turn privacy expertise into business outcomes.

Share
The Privacy Professional's Influence Starter Kit
Photo by @giabyte on Unsplash

Nobody Gave You a Playbook. Here's Where to Start.

In a recent LinkedIn Live conversation, privacy law scholar Daniel Solove made an observation that stuck with me: there's no industry-provided playbook for how privacy professionals figure out how to influence the business or what skills they need to elevate the profession beyond a compliance cost center. (Check out Dan’s YouTube recording here.)

He's right. And the gap is costly.

Privacy professionals spend years developing deep expertise in data protection law, regulatory frameworks, and risk assessment. What they often don't develop in time (because no one tells them they need to) are the communication skills required to turn that expertise into business decisions, behavior change, and resource allocation. The result is technically brilliant people who struggle to get their organizations to actually do anything with what they know.

I’m writing this post as a starter kit – a curated collection of concepts and resources to help privacy professionals begin developing the organizational influence skills that their technical training missed. Consider it a first step toward closing a gap the industry has left open for too long.

Why This Matters for Privacy Professionals Specifically 

Privacy teams occupy a uniquely difficult organizational position, operating in the space of risk prevention and regulatory compliance, areas where success is often invisible, and failure is compounding. That makes the job's political dimension especially challenging.

You may have an ironclad legal analysis and know exactly what needs to change. Still, if you can't build support across product, engineering, and executive leadership (and if you haven't cultivated those relationships before you need them), then your expertise will sit collecting dust while the organization charges ahead.

The skills that close this gap are strategic communication capabilities, including how to frame arguments for different audiences, build coalitions across functions, negotiate when interests diverge, and move an organization toward a decision it's resistant to making. The good news is that these are learnable skills, and there’s already a rich body of academic and professional literature that has been growing for decades. Privacy professionals just haven't been pointed toward it – until now.

The Three Capabilities You Should Develop First

Before I share my favorite resources, it helps to understand what you're building toward. Based on what I see in my work with privacy executives and their teams, I recommend starting with the following areas because they yield the highest leverage if you want more organizational influence:

  • Communication as strategy, not translation. Most privacy professionals approach business communication like translators, translating regulatory language into "plain English." This misses the point. Effective organizational communication goes well beyond simplifying concepts (and sometimes you shouldn’t) to understanding what a specific audience needs to believe or understand to take a specific action, and then constructing the argument that gets them there. This is a fundamentally different skill set than merely translating legalese, and it starts with clarity about outcomes before you ever think about words. 
  • Negotiation and influence without authority. Privacy professionals rarely have direct authority over the decisions they care most about. They need to influence product roadmaps they don't control, competitive positions they didn't set, and engineering priorities they can't mandate. The academic literature on negotiation and principled persuasion is rich and directly applicable here, especially frameworks that help you understand stakeholders’ true interests beneath their stated positions, identify trade-offs, and find paths to success when your explicit leverage is limited. 
  • Coalition-building as infrastructure. Individual relationships with sympathetic colleagues aren't the same as a coalition. A coalition is a network of stakeholders who understand your perspective, who have reason to support your goals, and who you've cultivated before you need them. Privacy professionals who operate independently or reactively (reaching out when they have a problem) consistently underperform those who invest in reliable relationships as a standing practice. This is corporate anthropology in practice. 

Where to Start 

What follows is a curated (not exhaustive) starting point to introduce you to ideas that don't typically appear in privacy training programs and to provide practical frameworks you can apply immediately.

Books

Start with two books that work well in sequence:

  • Getting to Yes by Roger Fisher and William Ury remains the foundational text on principled negotiation and on separating positions from interests to find agreements that actually hold. It's short, clear, and directly applicable to the internal negotiations privacy professionals face constantly. 
  • Once you've read it, pick up Why Should the Boss Listen to You? by James Lukaszewski, a crisis management veteran who writes specifically about how technical and staff professionals can earn and keep the attention of senior leaders. His framework for becoming indispensable to decision-makers is more directly relevant to the privacy professional's situation than almost anything else I’ve seen so far in the leadership communication genre.

Podcasts

  • If/Then from Stanford Graduate School of Business applies behavioral science and organizational research to practical business questions. It's the kind of show that helps you understand why people and organizations behave the way they do — which is foundational to influencing them.
  • HBR IdeaCast and the broader HBR podcast network cover leadership, communication, and organizational dynamics in accessible, research-grounded formats. The HBR On Leadership series, in particular, is worth working through.
  • Hidden Brain with Shankar Vedantam is essential listening for anyone trying to understand human behavior and organizational dynamics. Three episodes are especially relevant: 
    • We Need to Talk, in which behavioral scientist Alison Wood Brooks breaks down the science of conversation and why most of us are worse at it than we think
    • Do Less, on why we systematically overlook subtraction as a strategy — a directly applicable insight for privacy professionals who need to make the case for streamlined, rather than additive, data practices.
    • I'm Right, You're Wrong, which examines why data alone rarely changes minds and what actually does
  • Ologies with Alie Ward takes a rigorous but accessible approach to explaining how experts in obscure fields actually think. The episode Andragogology (the science of how adults learn) is particularly useful for privacy professionals trying to shift ingrained organizational behaviors.

Articles and Academic Resources

The research literature on organizational influence and communication is rich and surprisingly readable when you know where to look. Here are a few pieces worth your time:

  • The Secret to Building Resilience (HBR, Cross, Dillon & Greenberg, 2021) reframes resilience as a relational asset rather than an individual trait; a mindset shift with direct implications for how privacy professionals should think about investing in relationships before they need them.

If you want to go deeper into the research literature, these studies offer insight into organizational influence, communication effectiveness, and the psychology of persuasion:

If you want to see these ideas applied directly to privacy work, our own post Privacy Needs a Better Story walks through how framing theory and the Ladder of Inference apply to the specific challenge of positioning privacy as business value rather than compliance overhead. It's a useful bridge between the communication theory literature and the day-to-day reality of making the case internally.

The Discernible Perspectives Newsletter

All of the resources above have appeared in previous issues of our monthly newsletter, which covers the current privacy and security communications landscape, communication theory applied to real-world situations, the latest in communications research, and a recommended podcast episode each month. If you want a steady stream of relevant reading without having to find it yourself, subscribing to this newsletter is the most efficient path.

A Note on What to Do Next

Reading about influence and actually developing organizational credibility are different things. The resources above will give you conceptual frameworks and language for what you're observing in your own organization. Still, the real work happens in practice, trying a different framing in your next cross-functional meeting, mapping stakeholder interests before your next budget ask, building one influential relationship this quarter that you don't currently have.

Thinking strategically about relationships, timing, and organizational dynamicsis is how professionals with limited formal authority secure outcomes. Privacy professionals who resist this framing tend to find themselves technically right and organizationally irrelevant, while the ones who embrace it are building the kind of sustained influence that moves organizations.


This post is part of Discernible's ongoing work helping security and privacy professionals build the communication capabilities and organizational influence they need to do their jobs effectively. If you're working through these challenges with your team, we'd love to talk.