Chief privacy officer (CPO) salaries are on the rise, a new report from the International Association of Privacy Professionals (IAPP) claims, with U.S.-based professionals earning the most.

According to the IAPP's 2019 Privacy Professionals Salary Survey, American CPOs' median salary is $212,000, compared to $185,000 in the U.K. and $142,000 in the European Union. The global median salary for CPOs is $200,000 in 2019.

"Privacy is just becoming more and more of a necessary skillset for a lot of companies. It's in great demand and whenever a skillset's in high demand, that tends to command a higher salary," commented Barrett Avigdor, a managing director at Major, Lindsey and Africa.

The cross-Atlantic salary gap could reflect different approaches to privacy professionals in Europe and the U.S. Fewer European respondents hold the CPO title than Americans (10% in the U.K. and 8% in the EU, compared to 17% in the U.S.), according to the IAPP's report

Privacy professionals in Europe are more likely to hold the data protection officer (DPO) title, a role mandated at some companies by the EU's General Data Protection Regulation (GDPR). Nearly 40% of European respondents surveyed hold the DPO role, compared to 5% of U.S.-based privacy professionals.

DPOs' median global salary was $100,000, half of CPO's median salary. The IAPP's report notes, based on those salaries, that "the DPO role is shaping up to be a relatively low-, or at best, mid-level compliance position, rather than a leadership or executive role, like the CPO or lead privacy counsel."

Lead privacy counsel earned a global median of around $183,000. U.S.-based privacy counsel earned a median salary of $190,000, while U.K. and EU-based privacy counsel earned $179,000 and $107,000, respectively.

Median salaries for all privacy professionals, including counsel, CPOs and DPOs, is still highest in the U.S. at $150,000. European privacy professionals' median salary came in at $100,000, including the U.K. This earnings gap could stem from different experience levels: American privacy professionals averaged 8.2 years of privacy work, while EU and U.K. professionals averaged 6.6 years and 7.7 years, respectively.

American privacy professionals are also most likely to be part of their company's legal team. Half of U.S.-based privacy professions were based in legal departments, versus 38% in Europe and 27% in Canada. Almost 15% of U.S. privacy professionals not in the legal department were part of the compliance team.

"I'm seeing more and more of those CPO roles filled by lawyers rather than purely IT people. And I think it's because so much of this is now driven by law," Avigdor said. "It's not just… protecting the data, but complying with the laws related to the data."

Europe's GDPR came into effect last May and, shortly after, California became the first U.S. state to pass a privacy law. U.S. legislators have held a series of hearings on a potential federal privacy law in recent months.

Fewer than 40% of European privacy professionals considered themselves part of legal. Globally, 42% of respondents said they held professional degrees such as an MBA, LLM or JD.

The IAPP's report reveals that most privacy professionals (63%) work in large cities, and 22% in smaller urban areas. More than one fifth of U.S.-based respondents hail from California, with New York coming in second at 11%. Illinois, Texas, Massachusetts, New Jersey, Minnesota and Washington are also home to a significant number of U.S. privacy professionals.