The Emergence of the Chief Privacy Officer - Page 4

Oct 15, 2000

- Staff

hoice, access, and security. One such program, TRUSTe, a nonprofit alliance of several hundred Web sites, requires members to adhere to established privacy practices and to comply with published oversight and alternative dispute resolution practices. The TRUSTe privacy seal, or "trustmark," is an online branded seal that indicates compliance with the program and takes users directly to a site's privacy statement. In addition, more sites are giving their privacy statements prominent placement on the homepage and using those statements to direct users to consumer advocacy organizations such as and

The IAB's CPO Council seeks to promote privacy standards and expand the role of the CPO ( "Standards are still evolving in the U.S.," says Polonetsky, and companies that take a proactive stance will have more say in shaping those standards.

Staffing the CPO Position

The trend toward hiring CPOs originates in the executive suite and in business units. "Since discretion and trust are crucial for customers' attitudes, business managers are well aware of the importance of the CPO," says Jorgensen.

In Polonetsky's opinion, CPOs do not have to be technologists but may come from marketing, legal, or other backgrounds.

The amount of legal knowledge required by the CPO varies according to the industry, but most agree that a working knowledge of relevant laws and codes is sufficient. The key to making the position function, says Polonetsky, is that the CPO should report directly to the board of directors, as he does, or at least to a senior executive level, such as the CEO or COO.

In Europe, where the whole system is geared to guaranteeing the privacy of data, Hunze says, companies might not see the need for a separate CPO position. "In certain ways, I am the CPO, but it's just considered part of my job, something that is part of the enterprise strategy and required by law." Hunze notes that he received privacy training as part of his overall programming education. "If you do your job right, the privacy issue is just taken care of," he says.

Up to now, privacy issues have been handled by CIOs or IT directors both here and abroad. With increasing complexity, however, the CIO and CPO positions are beginning to branch off.

Steve Rayner, information systems manager at Northland Health Limited, a public health provider in Whangarei (pronounced fung-are-ray), New Zealand, reports that one health organization was rebuked by the New Zealand privacy commissioner's office for assigning privacy responsibilities to its CIO. "It was roundly condemned as a conflict of interest," he says.

According to Rayner, "One of the CIO's strategic objectives was to share patients' health information with all relevant providers of care in order to maximize the potential care benefits. The privacy commissioner considered that the CIO had two conflicting missions - the dissemination of information and the protection of that information. One cannot be a champion for opposite points of view."

Conflicts of interest also arise between competing corporate functions. "Marketing people want to maximize interaction with consumers, whereas the legal department wants t

Page 4 of 5


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.