Slashdot Mirror
IBM Appoints Chief Privacy Officer
Chibi writes "IBM has taken a step in what many would consider the right direction, as they have created a new position of 'Chief Privacy Officer.' They are looking at the position to be more policy-focused than technology-focused, and have appointed a lawyer to the postion."
Consumers want to share music; corporations want to share personal information databases. Why should only one or the other be allowed to?
It's like saying if information is free all of it has to be.
Got friends?
Which OS is more policy focused: Windows 95, or Linux? I say Windows.
Which is better at securing your private data? I say Linux.
What does this tell us?
Got friends?
So, will he be like "What can we get away with?"
-------
Oh shit! I forgot to click "Post Anonymously"...
I get the impression that the IBM anti-trust case had a radical impact on the company's behavior. It sounds as though their experience with the government being angry at them was sufficiently chastening that they've tended to bend over backward to avoid a repeat ever since. I almost get the impression that they've concluded that their business is so well off that they don't have to behave unethically to get an edge, and so the combined advantage of avoiding further government unfriendlyness and appearing to be nice guys is considered to be a smart business position.
There's no point in questioning authority if you aren't going to listen to the answers.
Wouldn't it make sense to keep the name of the "privacy" officer (at least the chief one) private? I mean, 'undercover' cops are pretty much 'undercover' aren't they?
-=-=- Successful people do what unsuccessful people don't want to do...
- Multinational Corporation
- An attorney
- The word "Privacy"
all used in the same paragraph. My butt cheeks are so firmly clenched that I may be driving myself to the emergency room in order that my next bowel movement can conclude successfully. I would trust an attorney with my privacy about as readily as I'd trust a rattlesnake to perform oral sex on me.Okay, I'm at least moderately cynical and possibly more than minimally paranoid. But when a major multinational corporation appoints an attorney to a position supposedly advocating and protecting consumer privacy, and issues a press release about it, I check my calendar. Yep, sher enuff, it's still the year 2000. I still don't believe anything that comes out of an attorney's mouth, and I don't believe in a corporation that cares about me except as another contributor to the revenue stream.
If IBM has news it's released as a white paper. If it's released as a press release, it's just propaganda. Perhaps as the opposite of Your Rights Online, slashdot should have a category for this kind of thing called "Yeah Rights Online".
--
Warning: This signature may offend some viewers.
Vovida, OS VoIP
Beer recipe: free! #Source
Cold pints: $2 #Product
Lawyer or not at least somebody is being hired to /protect/ privacy instead of sell and/or invade it.
Maybe this can start a new trend in the private direction in the once private world of privacy.
-1 Overrated (Too many big words for me to comprehend)
...It must be hell trying to get into his office.
Throws that who;e "Open Door" management thing right out.
Placing government reps on corporate boards (every corporation? even 5-person outfits? who's paying for this?)
Yes, and what's the cost to the economy of Corporatism stealing from the people? That's trillions of dollars. In any case, the cost of oversight would minor. What are there, maybe 10,000 corporations in the country? Another 10K goverment employees is a drop in the bucket. Just eliminating corporate welfare would pay for it 10 times over.
Nationalization would be guaranteed to bring the French disease (labor inflexibility and lousy productivity, leading to economic contraction, unemployment and sky-high taxes, huge deficits or both) to the USA
I wouldn't use the French as my example. Their problems are with government corruption on the one hand, and too much selective corporatism on the other.
Look at Sweden. Government and the workers form a partnership. They could nationalize a lot more of their industry, but they are on the right road.
--
--
From each according to his ability, to each according to his needs.
If a CPO is a Chief Privacy Officer, what would a C3PO be?
Software sucks. Open Source sucks less.
I can't see any way that IBM will increase its sales of security-related products by appointing someone to oversee the way in which it protects the privacy of its customers. It's much more likely that IBM wants to make sure it's doing whatever is necessary to protect its customers privacy to:
All in all, I think it's a responsible and wise move, and as a shareholder I applaud it, but I don't think it will have any real impact on sales of security products.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Ah, dot com wanker.
Another Lawyer interfering in stuff they have little or no comprehension of. I guess we should be thankful it's not an Accountant or worse still a Marketeer.
At the very least this helps them out when they get into hot water. The privacy officer is given the freedom to carp about the subject as much as necessary, but the end results are the responsibilities of IBM business managers. The privacy officer can unify and codify privacy policies for any/all subsidiaries and business lines to ensure the whole company is marginally consistent. Then, if there ever are questions from a legal standpoint there is both a person to be the lightning rod for resolution and for the board to point to and say, "hey, we care about privacy" and then hand the problem to that person.
I do not have a signature
I think that a significant role of the privacy officer will be to research and decide on privacy policies that make the most sense from a business standpoint. As an example, one obvious thing to look at is whether guaranteeing customers' privacy would increase sales enough to make up for potential income from selling that information. If their eventual privacy decision is made based on real research (e.g. finding that selling email addresses to spammers hurts sales) it's going to be much more convincing to other corporate officers than vague ideas about breaching that privacy being morally wrong. The fact that the CPO is also a lawyer suggests that she may also be able to back that up with legal arguments about potential lawsuits caused by breaking a promise to keep certain information private.
I also suspect that IBM's history works in favor of privacy. IBM has always concentrated on selling to businesses, rather than to consumers, and those businesses are both more protective of their corporate information and more able to make a stink if it's not kept private than typical consumers. Selling private corporate information is likely to result in losing a profitable client and quite possibly a lawsuit to boot, so a business oriented company is going to want strong protections in place. That attitude is going to impact the whole corporate culture and carry over to their consumer branch.
There's no point in questioning authority if you aren't going to listen to the answers.
Say IBM get's a new CEO that wants to start selling the e-mail addresses of their web-store customers to other companies. Would the Privacy Officer have the power to stop this?
If the privacy policy given to said customers forbade selling on their email addresses, then that couldn't happen (unless IBM broke the law) - and that's partly what a privacy officer's job is: ensure that any services which hold data on people have a well-defined privacy policy. It's up to the customer whether or not an individual privacy policy is to their satisfaction; but anything done with the data within those boundaries is fair game.
In the UK, by the way, we have the Data Protection Act, which defines strict laws about what information you are allowed to store on individuals under what circumstances.
--
Um, did that really seem like rage to you?
I always thought rage was along the lines of cussing up a storm and basically YELLING so much that you make absolutely no sense at all. I'm just here for the entertainment. But of course, I'm guessing that sort of thing totally escapes the mentality of the common AC that thinks he can judge a person based on one conversation thread.
Bite my yammer.
If the privacy policy given to said customers forbade selling on their email addresses, then that couldn't happen (unless IBM broke the law) - and that's partly what a privacy officer's job is: ensure that any services which hold data on people have a well-defined privacy policy. It's up to the customer whether or not an individual privacy policy is to their satisfaction; but anything done with the data within those boundaries is fair game.
The problem is, that isn't true. It's doubtful whether a stated privacy policy actually creates any sort of contract between the company and customer; and there aren't any other legal obligations whatsoever. So a company can simply change their policies to ones that are much less favorable to the customer, and the customer has somewhere between zero and very little recourse. We've seen this numerous times - a half dozen of TrustE's customers have been caught blatantly violating their privacy policies and none of them have suffered any consequences whatsoever. At worst, it's a sort of "unfair business practice", for which there's little enforcement in the United States.
You bring up a point that adds to this role as CPO for an international organization like IBM. Since they not only do business, but have manufacturing facilities, and marketing/sales divisions around the world, all of the Privacy Policies and Laws in those geographies must be understood and adhered to.
Some time back, IBM said they wouldn't do business on the internet (even things like Advert banners) with sites that didn't have a stated privacy policy.
So I strongly doubt that this is a rubber-stamp position. What that individual's power is, and what they do with the position is, obviously, yet to be seen and proven.
...If it happens, it must be possible!
Avoid companies that appoint lawyers to positions that involve my privacy (especially if lawyer has previously been a prosecutor).
I am !amused.
Geek 1 - IBM's got a new CPO. How about that?
Geek 2 - I hear he's a lawyer.
Geek 1 - A lawyer? Wow, that's a spicy meatball!
Cripes, this has absolutely no meat.
---
---
Slashdot: News For Zealots. Stuff That's Hypocritical.
That is nice. They'll have a central place with all the privacy policies. That gives a central place to get information on their policies and a central place to complain to. Noone can say it not their job, or push you off by saying that they'll look at it. I hope this works out well.
Have you read my journal today?
The idea of a privacy officer sounds great, but one has to wonder what happens if the concerns of said privacy officer start to conflict with the wishes of the company? Say IBM get's a new CEO that wants to start selling the e-mail addresses of their web-store customers to other companies. Would the Privacy Officer have the power to stop this?
The example I use is rather simplistic I realize, but this is an issue that get's more complex every day. Will company privacy policies hold up against the misguided wishes of a companies CEO, board of directors, or stockholders?
And during your interview, Im sure she'd say "Nothing to see here, citizens, move along"
So music should be freely available and downloadable by any idiot with a modem, since "information wants to be free", and software should be distributed with source code since its "wrong" to keep this information from people, yet for some reason, your name, address and phone number have some sort of sacred status??
DrLunch.com The site that tells you what's for lunch!
--
--
You are a fucking moron.
an interesting column about the man personally can be found on bagledog
Where are my GPFs? I WANT MY GPFS!!
I believe your projecting again dumbass.
Fact:
1. I am 27.
2. I live in my own home that I have paid for.
3. My acne problems disappeared about twelve years ago.
4. I shower nightly, and occassionally take a "wake up" shower in the morning.
5. I don't have a sister, or a brother.
6. My parents are very much alive, and are such idiots that I do not understand how I even survived childhood, let alone developed any mental skills at all. But, that's probably true of most people.
The fact that I'm bored enough this afternoon to even dignify you with a reply is pretty amazing in and of itself. But, it is obvious that slashdot is pretty much for trolling and spamming anyway. No need to behave like a rational human being. You sure as shit are living proof of that aren't you?
Bite my yammer.
If you read the entire article they said something about Microsoft's Chief Privacy (blah, blah, blah) is a good example of someone "stepping up to the challenge". So I'm guessing that means that the challenge is to convince people they aren't losing control while slowly slipping the knife in between their ribs.
I know the last time that I was stupid enough to send my name to MS as a registered user I got junk mail for about six months from places I'd never heard of before. Good privacy there!
Please, mark me down. We can't have a negative thought about Microsoft on Slashdot.;-)
Bite my yammer.
I suppose it would be in violation of the spirit of the announcement for them to actually tell you who they appointed, wouldn't it? :P
Excuse me, but I don't trust any mammoth corporation to "protect me" by putting up some fake figure head.
What we need is to either nationalize these mammoth corporations, or at the very least require one government representative to be put on every board of directors -- by law -- with veto power over any decision. Only by providing oversight with a people's representative can we be assured that the riens of their extreme power can be brought under control.
Again, I'd rather see them nationalized, but I think this would be a good first step.
--
--
From each according to his ability, to each according to his needs.
Whitehat.com awarded part of IBM a White Hat of the Month award in February. I have no idea whether the site is still actively maintained, but WhiteHat was an attempt at replacing crap like TRUSTe with an organization that actually *cared*.
IBM is moderately serious about privacy. They are the only major vendor (except Compaq) that hasn't spammed either me or anyone I know. Gateway has spammed most of the people I know; Dell has spammed a couple of them, etcetera etcetera. IBM has had my email address in their databases for two years without bugging me, and has been very good about sending me information I asked for *and nothing else*.
I know it seems weird, but IBM may actually be one of the more ethical companies out there, in this regard.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Not Here On The West Coast! How do you feel about the student tax?
Screw privacy, I'd rather become famous.
Do you want to be the guy that never gives out personal information and is paranoid freak, or do you want to be the guy everyone knows about?
Of course, to give out confidential information (CC numbers, SSN, account numbers) is just stupid except where you are buying things.
Hammer of Truth
You can't sell a service if you can't name it so this is the name attached to selling that service. You sell privacy services - makes sense since as the article mentions you can't sell security explicitly. It's like trying to sell life insurance or tombstones. No one wants to deal with it until they have to. Moreover since security and privacy tends to take a tools approach its very hard to put the tools wonks in front of customers and execs. They don't communicate well with one another.
Trust me - IBM would not make a public announcement of an executive level lawyer/engineer (can you say patent attorney?) just because 'privacy' gives someone a woody. It's to create a business function that can be used to sell privacy products like PKI and smart cards, encrypted MQ, safe Notes, private email. Or it's to sell consulting services like 'how to insure your customers' privacy' or 'how to insure that employee web surfing is being tracked legally' or 'getting that search warrant for your employees home computers' and so on.
Or if I were cynical I'd put it in the "Minister of Information" category - to whit - insuring that there is absolutely no privacy at all.
But privacy is closely related to security, and anyone truly versed in security knows that policy is the real issue. You can throw all the technology at your security that you want, and if the policies are broken most likely the security will be, also. But if you have a good security policy, it will guide you on the correct technology to deploy, how to deploy it, and how to assess and manage the risks you are taking.
Read the articles, and you'll see that that's what this is about.
The living have better things to do than to continue hating the dead.
- Microsoft
- The IRS
- Al Gore/George Bush (pick one)
- Torvalds
- Your Local CouncilMan or City Official
- Your Boss
- Finance Institutions
- etc.
gets interesting after awhile"It is a greater offense to steal men's labor, than their clothes"
The resulting collapse and manipulation of the economy for political ends would discredit socialist measures on this continent for the next century, and probably lead to Constitutional prohibitions against any such meddling ever again. We could call it (between ourselves) the New Deal Socialist Repeal Act, because that's what it would produce. And about time; we've already had sixty-odd years of wretched government excess, and it'll take some shock treatment to get the sheeple to realize what it's done to them. It would be like smoking a pack of cigarettes as your introduction to tobacco; you'd never want to touch it again.
This dyed-in-the-wool libertarian capitalist says, let's do it!
"
/ \ ASCII ribbon against e-mail
\ / in HTML and M$ proprietary formats.
X
/ \
Time is Nature's way of keeping everything from happening at once... the bitch.
<conspiracy theory>
Remember, in George Orwell's "1984", many of the organizations and positions were named opposite of what they actually did... the Ministry of Peace made war, etc. Newspeak has become more and more common with corporate America (I don't know first hand about elsewhere, but I'd imagine that it's vying for its share there too), and phrases like "we must accentuate our efforts to prioritize gross revenue intake to better posture our entity in the market" and other crap like that, and eventually language will mean nothing. They might not be like _that_, but remember, just because it hasn't happened (that we know of) doesn't mean it can't happen...
</conspiracy theory>
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
I finally realized why Marxism will not work. "From each to his ability, To each for his needs" Duh, there are so many stupid people that the ability of the few will be stretched quite thin.
----
Slashdot is a big advocate of privacy - so I would've thought that everyone would be supporting action like this.
It's a step more companies should take.
Cheers,
Daniel.
--
Daniel Zeaiter
daniel@academytiles.com.au
http://www.academytiles.com.au
ICQ: 16889511
policy-focused than technology-focused, and have appointed a lawyer to the postion."
Lets see...a policy driven lawyer that is going to help ibm with the privacy issues? Riiiiiight....
The anti-salmon
For once someone is learning from some elses mistakes....
(realplayer)
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
The Register has a good article on this also.
Sleep: A completely inadequate substitute for caffeine.
-Daniel
the issue of privacy, from a policy position is something that is importent.. but to "create a position" and "appointing" an officer.. it seems more to be a PR thing than something with true merit.
Victoria Palmer - I brake for unix.boys, Windows just breaks. - http://www.escape.com/~juliet
TiVo hired a Chief Privacy Officer about two months ago. TiVo may or may not have been the first (I don't know), but IBM was not the first as seems to be the implication here. It's good to see a big company picking up on this, though.
-----
Free P2P Backup, Windows & Linux
I don't see the advantage here? Wouldn't a privacy initiative cancel out (or at least diminish) publicity efforts?
In many ways I look at this article and wonder if this means people will assume that IBM is trying to close itself off to people. I think with any company looking to make money...there are always things that must remain private. While this could be the problems of another company, it also has a lot to do with new innovative research, policies, etc. I don't think that this is really a surprise to anyone and was frankly surprised to even see it on slashdot. I am of the belief that this is a good and practical thing for any company of any size with the slightest amount of confidentiality/innovation to consider.
------
My opinions do not at all represent my employers.
is if this is a "policy" issue and not a "technology" issue, why wasn't this done a long time ago. if technology isn't the reason, they could have been concerned about the privacy of their customers long ago, however, they've probably already sold those names and addresses and phone numbers already.
Come one come all! (except you, the funny looking one) The Linux Pimp
--It's Pimptastic!--
On the horizon, companies and consumers face serious challenges "over locational issues," whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.
From that statement she sounds paranoid enough to fit in on Slashdot so that's good enough for me. Hopefully her job allows her to do more than just sit there and sharpen pencils all day though. If she is allowed to do her job, and given the resources she needs, I think this is definitely a good thing. But, if this was purely a move by IBM to get publicity, and don't intend to give her any real power, then it's useless and will give a bad example to the rest of the industry. We'll see what happens.
Mas vale cholo, que mal acompañado.