Washington, D.C. — Joe Wilcox reports that IBM will name Harriet P. Pearson chief privacy officer as the company jumps on one of the most important policy trends in business. “The chief privacy officer is a trend whose time has come,” said Gartner analyst Bill Malik.
The IBM veteran, who also is a lawyer and engineer, will assume her responsibilities immediately, working out of a Washington, D.C., office.
Across North America, companies large and small increasingly are recognizing the need for someone who is in charge of establishing and maintaining privacy policies. But until recently, that role was grossly misunderstood, privacy experts say.
The focus on technology, such as firewalls or encryption, has wrongly cast privacy as a technical matter rather than a policy issue, Malik said. “The tendency to turn the human issue of a potential privacy breach into a decision of technology and firewalls too often distracts and bores the executive leadership team,” he said.
With the uproar over how high-profile companies such as DoubleClick and RealNetworks handle personal data, consumers and corporations are beginning to see privacy as something more than the ability to protect information, but rather how to handle it.
“We’re not able to talk about privacy risk in simple terms,” Malik said. “We’re missing the vocabulary, and the chief privacy officer is the person who should be able to take these random data and translate them” into plain English.”
Pearson’s responsibilities will be broad, as she develops privacy policies for IBM and works with the software and technology groups to ensure the company’s products adhere to privacy standards.
Richard Smith, chief technology officer with the Privacy Foundation, described the chief privacy officer as “a multifaceted job” that is essential for technology companies.
“More and more software being written today is network-aware, and that presents some interesting challenges,” he said. “If you start shipping data off across the Internet from some piece of software and consumers are not aware of that, that could get the company into some sticky legal issues.”
Richard Purcell, Microsoft’s director of corporate privacy, is a good example of someone meeting the challenges of the role, Smith said.
“What is privacy?” Pearson said. “I define it as the ability of an individual to control how data about them is used and managed.”
Because business demands access to certain kinds of private information, such as credit reports, consumers must relinquish some control over information. “In any society, you or I will never have complete control over information,” she said.
Pearson said one of the hottest privacy issues is how Web-based businesses articulate and implement privacy policies. “I want to work with industry to make privacy statements simpler, easier to understand, and much easier to communicate what they’re doing with the information,” she said.
On the horizon, companies and consumers face serious challenges “over locational issues,” whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.
“The question is who has access to that information and what happens to it,” she said. While the Federal Trade Commission has asked cell phone manufacturers to file reports on access to location information, how that information will be used is uncertain, she added.
Malik said that while it’s important for technology companies to develop sound privacy policies, it’s more critical to ensure those standards are upheld as goods and services are delivered to the public.
“I’m interested in seeing banks, consumer product organizations (and) automobile manufacturers providing chief privacy officers to be assured that someone is acting as ombudsman to protect the personal data I chose to provide that organization,” he said.