Chief privacy officer

The Chief Privacy Officer (CPO) is a senior level executive within a business or organization. "Consumer concerns over the use of personal information, including medical data and financial information along with laws and regulations",^[1] is one of the key reasons that the CPO role exists, as this was introduced to help keep personal information safe.

There is legislation in different sectors concerning the use of personal information. For example, in medical industry, the protection of patient medical records (e.g. The Health Insurance Portability and Accountability Act of 1996, or HIPAA). Another example is in the finance sector with the safeguarding of consumer financial and banking transactions (e.g. The Fair Credit Reporting Act and its Disposal Rule, and the Gramm-Leach-Bliley Act and its Safeguards Rule and Financial Privacy Rule).

History

The title Chief Privacy Officer comes from the "Privacy Officer" created by European legislation on personal data. The first "Privacy officer" position was created in Germany in the 1970s (Datenschutzbeauftragter).

In the United States, the position was first established at the Internet advertising firm AllAdvantage in August 1999, when it appointed privacy lawyer Ray Everett-Church to the newly created position, starting a trend that quickly spread among major corporations, both offline and online. The role of the Chief Privacy Officer was solidified within the U.S. corporate world in November 2000 with the naming of Harriet Pearson as Chief Privacy Officer for IBM Corporation. That event prompted one influential analyst to declare, "the chief privacy officer is a trend whose time has come." ^[2]

By 2001, the non-profit research organization Privacy and American Business reported that a significant number of Fortune 500 firms had appointed senior executives with the title or role of Chief Privacy Officer. The growth of the Chief Privacy Officer trend was further fueled by the European Union's passage in the late 1990s of data privacy laws and regulations that included a requirement for all corporations to have an individual designated to be accountable for privacy compliance.

By 2002, the position of Chief Privacy Officer and similar privacy-related management positions were sufficiently widespread to support the creation of professional societies and trade associations to promote training and certification programs. In 2002 the largest of these organizations, the Privacy Officers Association and the Association of Corporate Privacy Officers, merged to form the International Association of Privacy Officers, which was later renamed the International Association of Privacy Professionals (IAPP). The IAPP holds several conferences and training seminars each year around the world, hosting association members from major global corporations and government agencies, with executives seeking certification programs in privacy management practices.

Responsibilities & Duties

Some of the key responsibilities that a CPO has to have are: being able to use business strategies and procedures and apply it to the business, being able to organize plans and lastly looking at privacy program reviews by checking and analyzing the information to ensure it is correct. They are also responsible for making sure data is secure from unauthorized users and making. They would also have to help to improve systems for auditing and monitoring, to therefore resolve any privacy issues.^[3]

As a CPO is responsible for all the privacy of the data in an organization, one major part of their job is to avoid data breaches, especially if the organization is a large corporation. However some major companies have been hacked and have data breaches.

These include:

eBay - up to 145,000,000 million customers effected^{[citation needed]}
Target - up to 70,000,000 million customers effected^{[citation needed]}
Home Depot - up to 56,000,000 million customers effected^{[citation needed]}
Anthem - up to 80,000,000 million customers effected^{[citation needed]}
JP Morgan - up to 76,000,000 million customers effected ^[4]

Data breaches are commonly high-profile events and not only the reputation of the CPO will be effected but also the company's reputation, impacting consumer confidence.

Qualities

One key quality a CPO will need to have is being good at communicating,^[5] because poor communication could lead to a leakage of data which the CPO would be accountable for.^[6] Another quality a CPO should have is staying aware of any new developments and risks in the field.

Benefits and drawbacks

There some major benefits to having a CPO in your organization. The first would be that they help to keep data secure, so this ensures that security of data is not compromised. Another benefit is that they help develop policies which is why "30% of CPOs are attorneys" and "15% are in the information security department".^[7] Therefore, this means that CPO can legally help to ensure that the data stays secure.^[8] In terms of what industries a CPO can be beneficial, a CPO would be favorable in almost every sector. For example, the finance sector is perhaps one of the main areas where you are dealing with consumer information. Its not just the finance sector, basically anywhere you have and store customers information, a CPO would be a good idea as they will help to ensure that customers data is safe.^[9]

There are also some drawbacks to having a CPO in your organization, the first being cost. According to payscale.com the average salary for a CPO in the United States is over 6 figures, roughly about $107,000 per year.^[10] Another drawback to having a CPO in your business would be that some may argue that it's just too much power for one person to have, especially if they are dealing with personal information^[who?].

Literature

2B Advice GmbH / Technical University of Dortmund: Data Protection Practice 2012 [1]
2B Advice GmbH / Technical University of Dortmund: Data Protection Practice 2015 [2]

References

http://www.ehcca.com/presentations/HIPAA/saunders-mon.pdf

↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ news.com IBM appoints chief privacy officer
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.

This management-related article is a stub. You can help Wikipedia by expanding it.

[1] Lua error in package.lua at line 80: module 'strict' not found.

[2] ws.com IBM appoints chief privacy officer

[3] Lua error in package.lua at line 80: module 'strict' not found.

[4] Lua error in package.lua at line 80: module 'strict' not found.

[5] Lua error in package.lua at line 80: module 'strict' not found.

[6] Lua error in package.lua at line 80: module 'strict' not found.

[7] Lua error in package.lua at line 80: module 'strict' not found.

[8] Lua error in package.lua at line 80: module 'strict' not found.

[9] Lua error in package.lua at line 80: module 'strict' not found.

[10] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

v t e Corporate titles
Chief officers	Administrative Analytics Audit Brand Business Channel Commercial Communications Compliance Content Creative Data Design Digital Executive (CEO) Experience Financial Human resources Information Information security Innovation Investment Knowledge Learning Legal Marketing Medical Networking Operating Procurement Product Research Restructuring Revenue Risk Science Strategy Sustainability Technology Visionary Web
Other titles	Chairman President Creative director Development director Executive director General counsel Non-executive director Manager Supervisor Team leader
Related topics	Board of directors Corporate governance Executive pay Senior management Supervisory board Talent management

Chief privacy officer

Contents

History

Responsibilities & Duties

Qualities

Benefits and drawbacks

Literature

See also

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools