The CPO Cometh

← Back to Stories (view on slashdot.org)

Posted by emmett on Tuesday July 11, 2000 @08:47PM from the just-the-facts-ma'am dept.

Afterimage writes: "This article at Salon from the AP mentions several big name firms are adding chief privacy officers to their executive staffs. The general take is that these new folks are to retain customers by not infringing on personal information. I think the verdict is still out on exactly what this means, but hopefully, it's the avoidance of another DoubleClick or Toysmart.com debacle."

14 of 36 comments (clear)

Min score:

Reason:

Sort:

slashdot? by slashdoter · 2000-07-11 15:50 · Score: 3

Does Slashdot and Andover.net have a privacy officer?

--
Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
Increasing influence of customers? by Jon+Erikson · 2000-07-11 15:53 · Score: 2

Is this finally a sign that companies are actually listening to their customers wishes? It has been proved recently that customers do not want their details spread from one company to the next without their permission and especially without even their knowledge, and it seems like some companies are acknowledging the fact that making the same kind of privacy issue/fuckup that DoubleClick made will lose them both repsect and, more importantly, customers.
This is a good trend for tech-savvy companies to adopt, and one that is hopefully a sign that people are becoming more aware of the issues that a networked world raises. And once a few companies have started this, hopefully the increased respect that it will gain them will make other companies follow suit.
The law might not have worked in this case, but maybe consumer pressure will.

---
Jon E. Erikson

--
Jon Erikson, IT guru
1. Re:Increasing influence of customers? by Judg3 · 2000-07-11 16:01 · Score: 2
  
  "Some companies name a CPO because they have a problem, and some do because they don't have a problem and want to keep doing the right thing," Lamb said. See, as soon as I saw the article I thought to myself "Wow, this is a really good thing, seems like companies really are trying to care about peoples privacy on the net". But, after some speculation and reading the article, it seems like a 50/50 mix of "We want to protect our customers rights" and "We want our customer to THINK we are protecting their rights". Don't most companies have some sort of un-official CPO? I know where I work almost all of us are involved in making sure everyone's privacy is saved. To me this is just a natural reaction, like turning on the coffee pot as soon as I wake up. Face it, just by SAYING XYZ Company hired a new CPO will instantly instill confidence in potential customers, bringing in more revenue. So for now Im going to remain neutral on this subject, till these CPO's can be proven.
  
  ----------------------------------
  
  --
  Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
I know exactly what it means by whm · 2000-07-11 15:56 · Score: 4

The CPO is somebody who knows exactly how far they can go without pissing off their customers.

This isn't somebody to protect privacy, this is somebody to help them get away with as much as possible.

Heath
1. Re:I know exactly what it means by Devil+Ducky · 2000-07-12 00:07 · Score: 2
  
  >The CPO is somebody who knows exactly how far they can go without pissing off their customers.
  
  Right, Every company is going to do as much as they can get away with as long as it makes them more money. If they stop their actions just short of pissing off their customers what damage is done? As it is now they don't bother to stop short they just go forth and then apologize (sometimes).
  
  Sure they're not doing it in the name of privacy but that is still what is being accomplished.
  
  Devil Ducky
  
  --
  
  Devil Ducky
  MY peers would get out of jury duty.
I wan't this job. by Shoeboy · 2000-07-11 16:03 · Score: 3

Sitting in a corner office with an executive level salary getting paid to not spy on people. This is sweet. If there's one thing I'm good at it's not doing stuff.
--Shoeboy
Privacy offline by 91degrees · 2000-07-11 16:03 · Score: 4

Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.

They manage to convince people that this is what they want. How long will it be before they can convince us that online web tracking is also what we want? People are remarkable forgiving when you give them 1% of what they spend back.
1. Re:Privacy offline by jesterzog · 2000-07-11 18:55 · Score: 2
  
  Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.
  
  I mostly agree with you but I think if anywhere, the biggest difference is that people are at least aware of when it's possible for information to be collected about them in the real world. It's not a big secret that when purchasing something with a credit card, the transaction will be recorded by the credit company.
  
  What scares me about online privacy is that through things like cookies - that most people don't know about, you can be tracked almost completely invisibly without asking for it and without having any indication that it's happening. So often it relies on what's built into browsers and other apps by default and won't be turned off until someone knows about the risk. Even then, it depends on the application being bug-free and how often does that happen? (It definitely happens a lot in closed source, which like it or not most people use.)
  
  If the risk is known, the motivation isn't always there. Cookies and javascript can be turned off, but there's a cost because the privacy features that half the web is abusing are the same features that are essential to properly use the other half.
  
  Most people won't even have heard about non-obvious privacy issues like packet sniffing. If they have it's often useless because so many sites don't make any allowance for encrypted sessions unless there's obviously personal information involved. (Who they might sell it to afterwards is another issue entirely.) This is even more of a problem when home users are starting to move away from dialup connections to fixed IP addresses.
  
  I guess my point is that in the real world people can decide not to use a loyalty card or a credit card or they can refuse to store their money in a bank because at least they know that their actions might be recorded. But we've moved so fast that most people are either completely ignorant or otherwise incapable of doing anything serious about their online privacy except stay completely offline. I think this ignorance (and reliance on bad quality software and services) is the biggest difference.
  
  ===
2. Re:Privacy offline by mindstrm · 2000-07-11 20:16 · Score: 2
  
  I think the supermarkets should be required to disclose what it is they are doing with that information.
  
  IF they say 'In our database, we only want the demographics; we won't actually tie your name to what you bought, or ever use that information together' that's fine. I mean, I have no problem with them finding out some demographics.. 26 year old male buying food..
Nice to know some get it... by Whyte+Wolf · 2000-07-11 16:09 · Score: 2

Aparently some companies are finally getting the whole privacy on the Internet issue. For a very long time I've been resigned to the fact that privacy on the 'net is an illusion. For all the privacy statements out there, one sometimes has to wonder just how effective they are.

A company I used to work for (who shall remain nameless) had me develop a privacy statement for their website (at my urging). While there wern't any technical violations, the company's managment seemd to go all out to try to violate the spirit if not the letter of the statement--we were always looking for ways to grab more 'customer info' to add to the CRM database. Granted, not exactly wrong--but let's be honest, why put a privacy policy in place if you're working against it?

That situation (and more recently Toysmart.com) have had me considering how effective privacy policies are. Perhaps putting a CPO in place will add some checks and balances to the process.

Kudos to AT&T, Prudential, Citibank and the others. Some people seem to be getting it.

--
Beware the Whyte Wolf.

With a gun barrel between your teeth, you speak only in vowels...
This is already required in Europa by kris · 2000-07-11 16:44 · Score: 3

According to the European Privacy Directive, which is to become law in all EU states, this is already required for EU based companies.

© Copyright 2000 Kristian Köhntopp
Government by Placido · 2000-07-11 18:42 · Score: 2

Don't you think it's kind of suprising how much pressure business come under to protect the privacy of it's customers and yet the privacy of it's employees (a company's second most valuable set of people) is tramped over roughshod. I think the problem stems from the laws governing employees/employer relationships. Maybe the government should "sell" laws. Thus a company could use one of a choice of laws and their choice of law would be defined by the employees likes or dislikes. You know...create a competetive market for laws which will benefit the consumers...the public. This is all getting a bit deep and I never studied politics. My head hurts. ;-)

--

Pinky: "What are we going to do tomorrow night Brain?"
Brain: "I would tell you Pinky but this 120 char limi
I've said it before, and I've said it again... by mindstrm · 2000-07-11 20:14 · Score: 5

We need some kind of blanket privacy law that guarantees the minimum expected privacy, namely:

When information is given in the course of business, that information may only be used for the purposes it was given.
NOt simply 'not sold' but 'not used' for any other purpose. So... if I give my name and address to the car dealership.. well.. I undertand that this is because I may owe them some money, and because they need to notify me of recall, etc. I could not deny that this is what I feel I have given them this information for.
THey would be unable, however, to start sending me junkmail about anything else, or to give my information away, even to another, new department of the same company.
The video store could take your name and address so they can track down their videos when you don't return them.. but they could *not* give the information to anyone. They could *NOT* even start sending you junkmail.

Now.. all *any* company has to do is *ask* and they may use your information for other things. But we must make the law force them to ask. THis is called consumer protection.

What about credit reporting? Sure.. that's fine. I mean, if I borrow money, and I give you my name, I expect that I'm giving it to you so you can identify me if I skip. You can just have it in the contract.

This is not 'evil' or 'anti-capitalist' or 'commie'.. this is simply consumer protection. Just as we have laws regarding the rights consumers have on newly purchased 'things'. We have 'implied warranties' (it is expected that the 'thing' you bought does what it says it does when you get it home.)
Privacy is a market by sonnerbob · 2000-07-11 20:38 · Score: 3

I'm utterly and completely outside of the corporate world of the dotcoms. Yet whatever glimpse I get of the motivations, ambitions and strategies of these enterprises indicates to me that concern for the customer comes in dead last. Customers are nothing more than fish to be seined. A customer database, the ability to market to it or leverage it for revenue, is the principle asset that any of these ventures have. So the last thing they want to respect is privacy...
...until it becomes a marketable aspect of their scheme. Privacy concerns being the leading issue of the day, many of these dotcoms which never batted an eyelash at respect for privacy are now installing CPOs, publishing Privacy Statements, getting their TrustE certificates, and joining the Online Privacy Alliance...all to woo the consumer with their promise of privacy leadership. The mere posting of a privacy statement doesn't mean they uphold standards to which you'd subscribe. Reading closely, you'll find it is normally a disclaimer saying they'll do what they've always done, but now their letting you read it -- if you can get through the convoluted writing.
CPOs can be a good thing, acting as a staff watchdog to ensure that the company's direction doesn't cannibalize its customer base by losing trust with it. The simple existence of a CPO doesn't mean anything. It depends on what powers, dedication and attention he/she is given within the strategic direction of the company. On the other hand, a CPO is also the CEO's charge for positioning the company in a favorable PR light. Ray-Everett Church has done a lot to position AllAdvantage as a privacy respecting "Infomediary". Well, I guess you could stretch the definition (which was coined not by privacy advocates but by the authors of "Net Gain: Expanding Markets through Virtual Communities")
<sigh> But then, I'm over 30, which I guess means I have an overly protective concern for my privacy in the age of the Internet. You younger kids apparently don't share the fuss (read this)</sigh>

--

Get Veiled