In Westin's opinion, almost any company can benefit from hiring a CPO. The companies taking the lead, however, tend to be in industries such as financial services for which federal privacy laws are already on the books and compliance is an important issue. American Express Corp., Dun & Bradstreet, Inc., Nationwide Mutual Insurance Co., PricewaterhouseCoopers, Citigroup Inc., and Mutual of Omaha Insurance Co. all have CPOs and are founding members of the Association of Corporate Privacy Officers (ACPO), the professional organization established by Westin. The organization held its second meeting in Washington, D.C., last month to address the challenges and emerging role of the CPO.
The position is in its infancy and continues to evolve. In general, according to the ACPO Web site, the CPO is responsible for coordinating all corporate activities with privacy implications, as well as monitoring all of a company's products, services, and systems to assure meaningful privacy practices.
For Polonetsky, the role of CPO requires him to juggle numerous responsibilities. In addition to ensuring that his company lives up to its own privacy commitments, he must review and monitor the privacy policies of partners and act as an ombudsman to consumers, government, and the press.
The ACPO has set out guidelines for drafting appropriate CPO responsibilities and lists sample tasks on its Web site. The CPO may do the following tasks:
As companies increasingly handle consumer information and make promises about how that information is handled, Polonetsky says, they need to develop their own compliance systems. "Companies that don't live up to their commitments face liability, embarrassment, or even legal action," he says.
Following the European Lead
In terms of privacy issues, the United States lags far behind Europe, where privacy laws have been on the books for years in some cases.
"In Europe, we have the notion that your private data, including your address and photo, belong to you," says German-born Joachim Hunze, IT director for Mapa-Spontex, a household products company based in Paris.
In France, for example, the Commission on Information Technology and Freedom (Commission Nationale de L'Informatique et des Libertis) is charged with writing regulations and