The IAB's CPO Council seeks to promote privacy standards and expand the role of the CPO (www.iab.net). "Standards are still evolving in the U.S.," says Polonetsky, and companies that take a proactive stance will have more say in shaping those standards.
Staffing the CPO Position
In Polonetsky's opinion, CPOs do not have to be technologists but may come from marketing, legal, or other backgrounds.
The amount of legal knowledge required by the CPO varies according to the industry, but most agree that a working knowledge of relevant laws and codes is sufficient. The key to making the position function, says Polonetsky, is that the CPO should report directly to the board of directors, as he does, or at least to a senior executive level, such as the CEO or COO.
In Europe, where the whole system is geared to guaranteeing the privacy of data, Hunze says, companies might not see the need for a separate CPO position. "In certain ways, I am the CPO, but it's just considered part of my job, something that is part of the enterprise strategy and required by law." Hunze notes that he received privacy training as part of his overall programming education. "If you do your job right, the privacy issue is just taken care of," he says.
Up to now, privacy issues have been handled by CIOs or IT directors both here and abroad. With increasing complexity, however, the CIO and CPO positions are beginning to branch off.
Steve Rayner, information systems manager at Northland Health Limited, a public health provider in Whangarei (pronounced fung-are-ray), New Zealand, reports that one health organization was rebuked by the New Zealand privacy commissioner's office for assigning privacy responsibilities to its CIO. "It was roundly condemned as a conflict of interest," he says.
According to Rayner, "One of the CIO's strategic objectives was to share patients' health information with all relevant providers of care in order to maximize the potential care benefits. The privacy commissioner considered that the CIO had two conflicting missions - the dissemination of information and the protection of that information. One cannot be a champion for opposite points of view."
Conflicts of interest also arise between competing corporate functions. "Marketing people want to maximize interaction with consumers, whereas the legal department wants t