YOU ARE HERE: LAT HomeCollections

Psst! CPOs Are Secret Agents

The latest trend in hiring is the chief privacy officer, charged with protecting consumers' confidential information. But some call it mere window dressing.


A string of controversies involving U.S. companies accused of misusing personal information about their customers is fueling the latest trend in corporate hiring: the chief privacy officer.

In August, U.S. Bancorp named a privacy czar to protect its customers' interests after the Minneapolis-based bank was sued by state regulators for selling confidential financial data to telemarketers.

Internet ad broker DoubleClick made a similar move in March after the company was attacked for its plan--later shelved--to combine information about consumers' Web-surfing habits with other personal information, and use the data to pitch products to them.

As Americans grow more alarmed about the use of their personal information on the Internet, about 75 U.S. companies have added chief privacy officers, or CPOs, to their corporate rosters, up from a mere handful in the 1990s, according to Alan Westin, head of Privacy & American Business, a research and consulting group in New Jersey.

CPOs are typically charged with developing a corporate privacy policy and ensuring a company's compliance with the ever-growing number of privacy-related laws and regulations. Among those U.S. companies that now employ CPOs are Microsoft, America Online, American Express, AT&T and E-Trade.

The CPO is the latest corporate abbreviation to hit the executive suite, joining other tech-spawned posts such as chief information officer, or CIO, and chief technology officer, or CTO.

Some privacy advocates are skeptical of the trend, dismissing the corporate titles as little more than window-dressing and an attempt by companies to appear that they're serious about protecting customers' privacy.

"It's a Band-Aid, not a solution," said Bonnie Lowell, an online privacy expert and technology consultant.

Lowell is worried that many companies are using CPOs primarily to protect themselves against potential lawsuits or bad press, rather than to reform and enhance their privacy policies. Instead of hiring high-profile CPOs and sending them to meet with customers or testify at government hearings, companies ought to be training workers throughout the company about the proper use of sensitive information they collect about customers, Lowell said. Such information can range from credit card numbers to magazine subscriptions, from bank account balances to Social Security numbers.

The fact that many of the new crop of CPOs are former attorneys suggests that the threat of privacy-related lawsuits remains a top concern of companies. At a privacy conference in Washington last month, experts predicted that U.S. companies will soon face a wave of class-action lawsuits over their failure to abide by the privacy promises they have made to their customers. Frequently such lapses occur by mistake or because no one at the company is enforcing the privacy policy.

"A lot of companies have had trouble living up to their own privacy policies," said Larry Ponemon, lead partner of the privacy practice at PricewaterhouseCoopers. "They say they do [one thing], but they do less than [that]."


By ensuring that companies follow their own policies, CPOs benefit consumers, too, company officials say. Some CPOs say they view their jobs as being an advocate for consumer interests and serving as a bridge between the company and customers.

"One of my roles is to be an ombudsman," said Jules Polonetsky, a former consumer affairs commissioner of New York who was recently hired to become DoubleClick's first CPO.

"My job is to be an inside watchdog," Polonetsky said, noting he reports directly to the board of directors.

But the influence of CPOs can vary within each organization. Some companies have hired seasoned attorneys or privacy experts, who report directly to the chief executive or chairman. Others employ young, tech-savvy representatives who work within the companies' legal, public affairs or technology divisions.

At American Express, the CPO is its former group general counsel Sally Cowan, who reports to the vice chairman. Cowan has helped shape new products and services for consumers, such as an e-commerce initiative to provide protection to consumers while using credit cards online and a technology that permits users to surf the Internet anonymously.


But the job can also be a source of friction within a company.

Microsoft Corporate Privacy Director Richard Purcell said he often butts heads with other departments--particularly the marketing and data management divisions--over their plans for new products or uses for personal information.

"You have to go around and kick butt inside your company on behalf of consumers," Purcell said. He and other CPOs say they sometimes use their veto power to kill or change new products or services that might infringe customer privacy.

"I'm representing the consumer quite a bit of the time, but I'm also representing the business," said Tatiana Gau, who oversees privacy issues at AOL. "It's complex."

Los Angeles Times Articles