Chief privacy officer
The Chief Privacy Officer (CPO) is a senior-level executive within a business or organization. One of the key reasons the CPO role exists is "Consumer concerns over the use of personal information, including medical data and financial information along with laws and regulations";[1] the role was introduced to help keep personal information safe.
There is legislation in different sectors concerning the use of personal information. For example, in the medical industry, legislation covers the protection of patient medical records (e.g. the Health Insurance Portability and Accountability Act of 1996, or HIPAA). Another example is the finance sector, with the safeguarding of consumer financial and banking transactions (e.g. the Fair Credit Reporting Act and its Disposal Rule, and the Gramm-Leach-Bliley Act and its Safeguards Rule and Financial Privacy Rule).
History
The title Chief Privacy Officer comes from the "Privacy Officer" created by European legislation on personal data. The first "Privacy officer" position was created in Germany in the 1970s (Datenschutzbeauftragter).
In the United States, the position was first established at Acxiom Corporation in 1991 with the appointment of Jennifer Barrett as CPO.[2] The second CPO appointment came in August 1999 at the Internet advertising firm AllAdvantage, which appointed privacy lawyer Ray Everett-Church to the newly created position, starting a trend that quickly spread among major corporations, both offline and online. The role of the Chief Privacy Officer was solidified within the U.S. corporate world in November 2000 with the naming of Harriet Pearson as Chief Privacy Officer for IBM Corporation. That event prompted one influential analyst to declare, "the chief privacy officer is a trend whose time has come."[3]
By 2001, the non-profit research organization Privacy and American Business reported that a significant number of Fortune 500 firms had appointed senior executives with the title or role of Chief Privacy Officer. The growth of the Chief Privacy Officer trend was further fueled by the European Union's passage in the late 1990s of data privacy laws and regulations that included a requirement for all corporations to have an individual designated to be accountable for privacy compliance.
By 2002, the position of Chief Privacy Officer and similar privacy-related management positions were sufficiently widespread to support the creation of professional societies and trade associations to promote training and certification programs. In 2002 the largest of these organizations, the Privacy Officers Association and the Association of Corporate Privacy Officers, merged to form the International Association of Privacy Officers, which was later renamed the International Association of Privacy Professionals (IAPP). The IAPP holds several conferences and training seminars each year around the world, hosting association members from major global corporations and government agencies, with executives seeking certification programs in privacy management practices.
Responsibilities & Duties
Some of the key responsibilities of a CPO are: using business strategies and procedures and applying them to the business, organizing plans, and looking at privacy program reviews, checking and analyzing the information to ensure it is correct. They are also responsible for making sure data is secure from unauthorized users and making. They also have to help improve systems for auditing and monitoring in order to resolve any privacy issues.[4]
As a CPO is responsible for the privacy of all the data in an organization, one major part of their job is to avoid data breaches, especially if the organization is a large corporation. However, some major companies have been hacked and have suffered data breaches.
These include:
- eBay - up to 145 million customers affected [5]
- Target - up to 70 million customers affected [5]
- Home Depot - up to 56 million customers affected [5]
- Anthem - up to 80 million customers affected [5]
- JP Morgan - up to 76 million customers affected [5]
Data breaches are commonly high-profile events, and they affect not only the reputation of the CPO but also the company's reputation, impacting consumer confidence.
Qualities
One key quality a CPO will need to have is being good at communicating,[6] because poor communication could lead to a leakage of data which the CPO would be accountable for.[7] Another quality a CPO should have is staying aware of any new developments and risks in the field.
Benefits and drawbacks
There are some major benefits to having a CPO in your organization. The first is that they help to keep data secure, which ensures that the security of data is not compromised. Another benefit is that they help develop policies, which is why "30% of CPOs are attorneys" and "15% are in the information security department".[8] This means that a CPO can legally help to ensure that the data stays secure.[9] In terms of which industries can benefit from a CPO, a CPO would be favorable in almost every sector. For example, the finance sector is perhaps one of the main areas where you are dealing with consumer information. It's not just the finance sector: anywhere you have and store customers' information, a CPO would be a good idea, as they will help to ensure that customers' data is safe.[10]
There are also some drawbacks to having a CPO in your organization, the first being cost. According to payscale.com, the average salary for a CPO in the United States is over 6 figures, roughly $107,000 per year.[11] Another drawback is that some may argue that it is too much power for one person to have, especially if they are dealing with personal information.
Literature
- 2B Advice GmbH / Technical University of Dortmund: Data Protection Practice 2012
- 2B Advice GmbH / Technical University of Dortmund: Data Protection Practice 2015
See also
- Privacy Office of the U.S. Department of Homeland Security
- Chief Privacy Officer, Department of Homeland Security
References
http://www.ehcca.com/presentations/HIPAA/saunders-mon.pdf
- [1] "Chief Privacy Officer | DefineFinance". www.definefinance.com. Retrieved 2015-10-31.
- [2] https://iapp.org/about/person/0011a00000DlPjEAAV/
- [3] news.com IBM appoints chief privacy officer
- [4] "Current Openings". Merkle. Retrieved 2015-11-03.
- [5] "World's Biggest Data Breaches & Hacks | Information is Beautiful". www.informationisbeautiful.net. Retrieved 2016-02-13.
- [6] "The 7 habits of highly effective CPOs - Supply Business". www.supplybusiness.com. Retrieved 2015-10-25.
- [7] "Government Chief Privacy Officer | ICT.govt.nz". www.ict.govt.nz. Retrieved 2015-10-31.
- [8] "Why your company needs a chief privacy officer". Network World. Retrieved 2015-10-25.
- [9] "Chief Privacy Officer". Harvard Business Review. Retrieved 2015-10-25.
- [10] "Does Your Company Need A Chief Privacy Officer?". Information Intersection. Retrieved 2015-10-25.
- [11] "Chief Privacy & Security Officer Salary". www.payscale.com. Retrieved 2015-10-29.