Chief privacy officer: your next career? CPOs are a necessity in today's business environment, but no one envies their challenging role of upholding ethics and protecting consumer information. (Career Path).At the Core This article: * Examines the role of the CPO (Chief Privacy Officer) An individual who manages the privacy issues within an organization. Arising out of the privacy regulations in finance and health care in the late 1990s, the CPO position eventually crossed over to all industries. * Discusses CPOs' duties within an organization First it was the chief information officer (CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. ), then the chief knowledge officer (CKO (Chief Knowledge Officer) The executive officer responsible for exchanging knowledge within an organization. CKOs determine how research storehouses and all other expertise throughout the enterprise can be shared by all departments. ). Now, it is the chief privacy officer (CPO)--often called the "information officer" in the public sector. No one seems to have heard of a CPO until Shelley Harms became CPO at Verizon Communications
Verizon Communications, Inc. in 1994. Today, however, CPOs are increasingly common in sectors like finance, health care, credit, insurance, consulting, airlines, automotive, telecommunication, and, of course, dot-cams. Growing sensitivity to privacy aspects of customer and employee information has given rise to the creation of a position to focus corporate attention on right and wrong approaches to the use of personal information. In fact, many firms are realizing that privacy is good business, and they are looking to the CPO to help create effective marketing strategies that do not infringe on customers' right to privacy. A well-known incident illustrates the need for CPOs. DoubleClick Inc., a New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of advertising firm, received complaints about taking Web users' names and quietly matching them to a marketing profile database. Interest in this matter by the Federal Trade Commission (FTC FTC See Federal Trade Commission (FTC). ) and the attorney general in several states led to the dot-cam appointing a CPO, Jules Polonetsky. Those holding CPO positions need significant familiarity with information, ethics, law, and technology. CPOs will need to know the difference between bits of data and significant information, between the "merely" unethical and the likely illegal. They must also create respect within many organizational units (e.g., marketing) where sensitivity to profits may have, in the past, outweighed any concerns about protecting customer information. Clearly, the CPO's power to stop or delay a bottom-line sensitive initiative will win them few friends. Given the pressures they must work under, CPOs will definitely earn their six-figure salaries. The Role of the CPO Typically, the CPO has several duties; perhaps the most important is monitoring information systems to ensure the safety of the organization's information, as well as the privacy of the company's customers, employees, vendors, and suppliers. CPO responsibilities may also include training staff on privacy issues, managing privacy disputes within and external to the company, making sure that policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental are privacy-sensitive, and interacting with governmental agencies. A significant role, of course, is keeping board members aware of the business value of privacy. While it may be the last thing most people in a company want, a new product or service may be put on hold by the CPO if its privacy flaws are likely to bring a deluge of bad publicity or litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. . In such cases, the CPO must accept responsibility for offering a successful marketing method that also ensures shielding the customer's privacy--no mean feat given that customers demand a high level of personal service and, at the same time, significant restrictions on the use of personal data. How can service be maximized but privacy risks eliminated? Problems must be identified before they become problems. How is that done? Ray Everett-Church Ray Everett-Church (born 1969 in Florida), is an American attorney, entrepreneur and author. He was dubbed "the dean of corporate Chief Privacy Officers" by Inter@ctive Week magazine, first creating that title and position in 1999 at online marketing company AllAdvantage. , an early CPO appointee APPOINTEE. A person who is appointed or selected for a particular purpose; as the appointee under a power, is the person who is to receive the benefit of the trust or power. and co-author of Internet Privacy Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. for Dummies, suggests, "Follow the data, follow the data." Following the data may, among other things, mean closely monitoring the use of electronic "cookies" placed on Internet users' computers by Web sites. (Editor's Note Editor's Note (foaled in 1993 in Kentucky) is an American thoroughbred Stallion racehorse. He was sired by 1992 U.S. Champion 2 YO Colt Forty Niner, who in turn was a son of Champion sire Mr. Prospector and out of the mare, Beware Of The Cat. Trained by D. : Also see article by Cunningham, page 52). Legal/Ethical Issues There are as many as 80 privacy laws currently before the U.S. Congress. Similar legislation has already been enacted in some Commonwealth countries. New statutes are aimed at financial, medical, and children's issues. A key focus in this legislation is the anger of the public--and now legislators--about the misuse of their personal information by companies that sell or trade such information to other companies. The CPO must understand that while some actions are not illegal they may be unethical. And what is unethical today may be illegal in the near future. The technologies develop so quickly that CPOs will have to anticipate privacy problems embedded in the use of emergent technology. As customers look for organizations with value-based practices, companies are realizing how important compliance with legal and ethical standards can be. Whence CPOs? To be able to influence those at the board level as well as all other levels in the enterprise, the CPO must have relevant education and experience. An ability to focus on policy and technology is seldom found in one individual. Successful CPOs may have an interesting mix of technology and humanities in their backgrounds. A CPO might, for example, have degrees in information technology (IT) and business ethics business ethics, the study and evaluation of decision making by businesses according to moral concepts and judgments. Ethical questions range from practical, narrowly defined issues, such as a company's obligation to be honest with its customers, to broader social or experience in pharmaceutical research and medical ethics medical ethics The moral construct focused on the medical issues of individual Pts and medical practitioners. See Baby Doe, Brouphy, Conran, Jefferson, Kevorkian, Quinlan, Roe v Wade, Webster decision. . An understanding of business processes is clearly vital. Records and information managers face a similar requirement for interdisciplinary knowledge, including IT, information law, ethics, and information management. Many information professionals are well positioned to support the work of the CPO. The American Health Information Management Association The American Health Information Management Association (AHIMA) is a non-profit association for health information management professionals. The organization was founded in 1928, and has 51,000 members. (AHIMA AHIMA American Health Information Management Association (Chicago, IL) ) already has declared its support of the CPO in the arena of healthcare and patient records. In fact, AHIMA points to the suitability of its own members to fulfill this role in the hospital environment because they are aware of state and federal laws that apply to health information, understand and direct the flow of patient information within the organizations that employ them, understand the nature of technologies that help manage sensitive information, advocate for the patient's privacy rights, and support patient privacy in their Professional Code of Ethics Code of Ethics can refer to:
The roles of the records and information managers and the emergent strategic information manager may become pivotal in the CPO's meeting the privacy standards of many organizations. While ARMA International has not yet addressed the CPO position per se, it has indicated strong support for privacy in its Code of Professional Responsibility: [We] affirm that the collection, maintenance, distribution, and use of information about individuals is a privilege in trust: the right to privacy of all individuals must be both promoted and upheld. The right to privacy is a value respected by free people everywhere. Information and records managers strive to protect the individual's privacy while, often at the same time, having to reconcile that right with the right of access to information by others. The information and records manager must ensure that effective policies, systems, and technologies are in place to protect information about individuals from unauthorized disclosure. (www.arma.org/publications/ethics.cfm). Clearly, customer information is a strategic information asset, and, given the fact that privacy is becoming an important business strategy, astute records and information management professionals will recognize the value of leveraging such assets while also upholding stakeholders' privacy rights. Like the CIO and CKO, the CPO concept will have its ups and downs ups and downs pl.n. Alternating periods of good and bad fortune or spirits. ups and downs Noun, pl alternating periods of good and bad luck or high and low spirits . There may also be senior executives who "don't get it." Because, according to the FTC, so many companies are not regulating themselves effectively, the CPO concept may have a long-term future. There will, however, likely be a high turnover rate brought on by individual CPOs taking unpopular positions. READ MORE ABOUT IT There are many excellent books on privacy available. The best-known and widely praised include: Garfinkel, Simson. Database Nation: The Death of Privacy in the 21st Century. Sebastopol, CA: O'Reilly and Associates O'Reilly and Associates - The leading publisher of information on the Internet, Unix, the X Window System and other open systems. They also provide the Global Network Navigator service. Home page. , 2001. Glee, Harrah Cady, et al. Protect Your Digital Privacy! Survival Skills for the Information Age. Indianapolis, IN: Que, 2001. Rosen, Jeffrey. The Unwanted Gaze: The Destruction of Privacy in America. New York: Random House, 2000. CPO Ray Everett-Church offers his own list of 18 recommended books under "Privacy Officer's Library" at www.Amazon.com. J. Michael Pemberton, Ph.D., CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. , FAI, is Executive Editor of The Information Management Journal. He may be reached at imainc@mindspring.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion