You can become a chief privacy officer (CPO) by combining general executive-level business education and experience with specific knowledge of privacy laws in different contexts and across jurisdictions. A command of privacy law can be developed through specialized education, such as by obtaining a law degree, or through practical experience, such as by working for a government agency that regulates how corporations use information. The CPO title is a relatively new creation, so the standard requirements are still evolving.
The popularization of the Internet changed the way companies interact with consumers. Web-based electronic data collection allows companies to compile a vast array of personal information about the people it serviced with few controls over what can be done with that information. To protect the public, jurisdictions passed laws that establish the type of disclosures a company must provide before it collects any information, limit the type of information that can be collected, and determine what they can do with it either with and without permission. The CPO position came into existence to help companies meet its legal obligations regarding these new privacy laws.
A CPO is a senior executive. To become a chief privacy officer, you would need the credentials of an executive-level hire. Most senior executives have an undergraduate degree in a business major, such as administration or finance. Many have an advanced degree, such as an MBA. Along with the educational requirements, a senior executive often needs seven to ten years of practical experience working his way up through the company hierarchy.
There isn't one specific business track that has been established as the standard way to become a chief privacy officer. Since it is a new title that has been slowly gaining in popularity, the people who currently hold these positions have gotten there in a variety of ways. The most logical path is through the legal department. Having a law degree would substantiate your ability to manage the legal aspects of the position. Another related path would be through risk management, since a company's privacy policy is ultimately a way to manage risk.
Relevant experience can also help you become a chief privacy officer. There are government agencies in every jurisdiction that regulate corporate compliance with privacy laws. Certain nonprofit organizations do policy work in this area. Many companies, particularly in the medical and technology industries, have ongoing and cutting edge privacy law actions that are active in multiple jurisdictions. Time spent in any of these situations could be leveraged into a CPO position.
You should also stay abreast of developments in the privacy law industry as a whole if you want to become a chief privacy officer. The International Association of Privacy Professionals (IAPP) was established in 2000 and offers certification, training, and events for people working in the privacy field. Certification from the IAPP is often helpful in obtaining a CPO position, but it is not mandatory.