DECEMBER 14, 2000
HOT JOBS
The Rise of the Chief Privacy Officer | CPOs are a new breed of execs that combine tech and legal savvy -- and the ability to say no
| Only two years ago, if you had asked any expert in corporate
organization the meaning of the acronym CPO, you probably would have gotten either a blank stare or a wild guess involving some old Star Wars movie. In the interim, however, the title "chief privacy officer" has emerged from obscurity to find a home in both startups and corporate giants. On Nov. 29, in fact, IBM announced the appointment of its first CPO, joining companies such as American Express, AT&T, and as many as 100 others that since 1998 have created such a position.
CPOs typically earn an enviable salary, well into six figures. By most
accounts they also have a stimulating job -- requiring familiarity
with both technology and the law -- that gives them a role in a wide range of
corporate operations, from product development to human resources. Ones who do a good job have an additional characteristic: pachyderm-thick skin.
The reason is that to be a CPO sometimes means being the bearer of
news managers would rather not hear. A CPO oversees a company's privacy
policies and practices, monitoring how the corporation handles confidential
information about consumers and employees.
"YOU HAVE TO BE TOUGH." Day-to-day, that could mean scotching a nifty promotion that the marketing people adore but that
privacy advocates would loathe, says Jason Catlett, a privacy consultant.
Or telling human relations execs who rely on Social Security numbers as a
convenient way to identify employees that they have to come up with a
less intrusive method, says Lawrence A. Poneman, a senior partner and head
of privacy matters at PricewaterhouseCoopers. Poneman had to do just
that, and he recalls the rolling eyes at his meeting with the folks from human resources.
"You are constantly dealing with people in power and blocking them,"
says Alan F. Westin, president of the nonprofit research group Privacy & American Business, which recently helped launch the first U.S. professional association of corporate privacy officers. "You have to be
tough. People are not going to love you if you have to tell them not
to do something they want to do for the bottom line."
All of which raises the question: Why are corporations bothering to
create a job that makes running a company more difficult? Fear of bad publicity is one reason. "No one wants to be that front-page story in the New York Times," says Poneman. Just ask DoubleClick, the New York-based Internet advertising company that was dogged by revelations earlier this year that it intended to merge off-line and online information about consumers without their permission. An uproar commenced after the plan became public, and it has since been scrapped.
NEW STATUTES. More than fear of a PR meltdown is boosting the CPO trend, however.
Congress has noted public outrage at the idea that marketers and others might trade personal information, and thus lawmakers are now considering a number of bills to protect privacy. Companies are trying to stave off such regulation by insisting that they can police themselves.
In fact, new laws are already on the books, both in the U.S. and abroad, that regulate
what companies can do with an individual's information. The European
Union and Canada have recently adopted consumer and employee privacy protections. In the U.S., both financial information and medical records are
subject to new privacy statutes such as the Financial Services Modernization Act. And the federal Children's Online Privacy Protection Act, which went into effect earlier this year, prohibits commercial Web sites from gathering personal information from children without mom's or dad's blessing.
In addition to all that, some companies see important business reasons
for paying attention to privacy. Take LifeMinders Inc., an Internet
marketing company in Herndon, Va. Visitors to its Web site can register to
receive targeted information -- and advertising -- about personal interests.
To do so, they need to tell LifeMinders what those interests are -- and to
be assured that the resulting database of personal information won't be
shared, without an individual's consent, with anyone outside of LifeMinders.
REAL CLOUT? "If members felt that we had not handled information as we told them we
would, we would lose credibility -- and our business model," says Jodee E.
Batdorf, LifeMinders' CPO. She adds that she spends much of her time working with her technology staff to make sure that it employs "industry-standard -- and stronger" security measures to protect the database from prying eyes.
Privacy advocates believe it's too early to say whether the typical
CPO exercises real clout. "It depends on a company's attitude," says David
L. Sobel, general counsel for the Electronic Privacy Information Center
in Washington, a nonprofit privacy advocacy group. "If there's a real
commitment to privacy -- even if for reasons of self interest such as
building confidence among customers or in recognition that privacy is
good business -- I think it can be a meaningful position. But [some] companies may look on it as a PR opportunity. In those cases, it is window-dressing."
A clue to how seriously a company views the job is where the CPO
ranks in the corporate hierarchy. "You need to be pretty high up to exert the
appropriate influence," says Ray Everett-Church, CPO at
AllAdvantage.com, an Internet marketing company in Hayward, Calif. "Otherwise, you become a kind of lone voice in the wilderness." Everett-Church reports to his CEO.
ECLECTIC PEDIGREE. Everett-Church, like Batdorf, is a lawyer, but a law degree isn't a must for
a CPO. Westin estimates that there are now 50 to 100 chief privacy officers
in the U.S. -- or people with similar responsibilities -- whose backgrounds
are in law, government affairs, or technology. Poneman, who serves as both privacy chief at PricewaterhouseCoopers and head of its privacy consulting
practice, has a more eclectic pedigree. He's a certified public accountant with a PhD in business ethics.
Whatever their backgrounds, CPOs are well-rewarded for their efforts.
They generally earn $140,000 to $175,000 a year, Westin says. That sounds
like a lot for a company finger-wagger. But more often, says Everett-Church, his job is to be an innovator -- to help come up with ways to combine clever marketing with respect for consumer privacy. With the privacy police poised to close in, that role can make the difference between a product's -- or company's -- success or failure.
By Pamela Mendels in New York
|
Copyright 2000, by The McGraw-Hill Companies Inc. All rights reserved.
Printer-Friendly Version