Beginning in the late 1990s, international corporations began hiring Chief Privacy Officers (CPOs). By 2002, large universities responded to this trend by creating this distinct position or modifying an existing job description to include CPO responsibilities. While not every registrar assumes the role of CPO, increasing practical and legislative requirements make it necessary for colleges to respond in a coordinated fashion to identity management, information vulnerabilities, and data breaches. It seems inevitable that registrars will interact with someone assuming the role of CPO. Registrars have been filling the function of CPOs for years. This is a tremendous responsibility given the staggering amount of data that colleges and universities maintain. Registrars certainly are familiar with sensitive information lurking in the academic record. The process for and challenges in assessing privacy risks vary among institutions. At small colleges, the multiple roles an individual plays may require access to multiple areas of data--access typically limited by specialty at larger institutions. At some institutions, the work of privacy officers may be less about the dictating of procedures than about guiding divisions and larger offices through their own assessment, educating about best practices and applicable requirements, providing recommendations, and acting as a resource when questions arise. The privacy leader partners with disparate parts of the institution to help them work toward harmonious ends. While the protection of privacy is the responsibility of everyone in the institution, leadership determines whether a coordinated effort to ensure authentic compliance and to minimize constituent risks will succeed or fail. Effective privacy leaders gain executive support, translate opportunities into action items, ensure authentic compliance, and anticipate organization-specific challenges.