by Eva Marer
Joan Russo, IT security planner for the state of Delaware, is at the forefront of a new trend. Her position was created only last year, but she's already working with the chief IT architect to set statewide privacy policies and ensure that the state's 34,000 employees adhere to them.
Yet Westin expects that number to increase dramatically within the next few years. "Within a short time, every sensible company will have a CPO on its management team," he says. As privacy becomes a top-tier issue for consumers, he says, companies will recognize the competitive advantage of institutionalizing the CPO position.
An Emerging Role
"I get a call - at least one call a week - from companies looking for referrals to staff a new CPO position," says Jules Polonetsky, CPO for DoubleClick Inc., a New York-based Internet firm that provides advertising solutions for Web publishers and advertisers. Polonetsky, the former consumer affairs commissioner for the city of New York, was just hired in March. "It's clear that this is becoming an increasing priority for companies."
No matter what their primary business, Internet companies are in many ways data companies, says Polonetsky. As they become aware of that role, they are moving beyond the mechanics of data exchange to focus on ethical implications and privacy protection.
"We've had a lot more inquiries from agencies and concern about privacy in the last year," says Russo. That's partly because some new laws have been implemented, she says. But the concern also arises in direct proportion to the number of consumer services offered via the Web.
"We have a new online program where people can pay their taxes online," she says. "We've also started planning a new system where parents can view their children's report cards on the Web. They love the convenience but are concerned about issues like credit card security and protecting their children's confidentiality."
As companies go Web enabled, Russo says, people fear everything from hackers and viruses to misuse of personal information. "This is not like the old mainframe days where you've got one box and a limited number of people who can access it." Also, she says, any entity receiving federal funding must document its compliance with federal privacy standards, especially in areas pertaining to medical, legal, and Freedom of Information Act requests.
In addition, consumers seem to be asking companies to police themselves more. For example, a survey of more than 2,000 Americans published by the Pew Internet and American Life Project showed that 86% of respondents favored the adoption of "opt-in" policies, whereby Internet companies would request permission from users before disclosing personal information. In an "opt-out" situation, Web sites have the right to track users who do not explicitly request to be excluded.
This problem is not really new, argues Polonetsky. He points out that, even in the offline world, consumers must opt out of telemarketing lists and direct mail databases. And some online c