Slashdot Mirror
IBM Appoints Chief Privacy Officer
Chibi writes "IBM has taken a step in what many would consider the right direction, as they have created a new position of 'Chief Privacy Officer.' They are looking at the position to be more policy-focused than technology-focused, and have appointed a lawyer to the postion."
- Multinational Corporation
- An attorney
- The word "Privacy"
all used in the same paragraph. My butt cheeks are so firmly clenched that I may be driving myself to the emergency room in order that my next bowel movement can conclude successfully. I would trust an attorney with my privacy about as readily as I'd trust a rattlesnake to perform oral sex on me.Okay, I'm at least moderately cynical and possibly more than minimally paranoid. But when a major multinational corporation appoints an attorney to a position supposedly advocating and protecting consumer privacy, and issues a press release about it, I check my calendar. Yep, sher enuff, it's still the year 2000. I still don't believe anything that comes out of an attorney's mouth, and I don't believe in a corporation that cares about me except as another contributor to the revenue stream.
If IBM has news it's released as a white paper. If it's released as a press release, it's just propaganda. Perhaps as the opposite of Your Rights Online, slashdot should have a category for this kind of thing called "Yeah Rights Online".
--
Warning: This signature may offend some viewers.
Vovida, OS VoIP
Beer recipe: free! #Source
Cold pints: $2 #Product
That is nice. They'll have a central place with all the privacy policies. That gives a central place to get information on their policies and a central place to complain to. Noone can say it not their job, or push you off by saying that they'll look at it. I hope this works out well.
Have you read my journal today?
The idea of a privacy officer sounds great, but one has to wonder what happens if the concerns of said privacy officer start to conflict with the wishes of the company? Say IBM get's a new CEO that wants to start selling the e-mail addresses of their web-store customers to other companies. Would the Privacy Officer have the power to stop this?
The example I use is rather simplistic I realize, but this is an issue that get's more complex every day. Will company privacy policies hold up against the misguided wishes of a companies CEO, board of directors, or stockholders?
Whitehat.com awarded part of IBM a White Hat of the Month award in February. I have no idea whether the site is still actively maintained, but WhiteHat was an attempt at replacing crap like TRUSTe with an organization that actually *cared*.
IBM is moderately serious about privacy. They are the only major vendor (except Compaq) that hasn't spammed either me or anyone I know. Gateway has spammed most of the people I know; Dell has spammed a couple of them, etcetera etcetera. IBM has had my email address in their databases for two years without bugging me, and has been very good about sending me information I asked for *and nothing else*.
I know it seems weird, but IBM may actually be one of the more ethical companies out there, in this regard.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
You can't sell a service if you can't name it so this is the name attached to selling that service. You sell privacy services - makes sense since as the article mentions you can't sell security explicitly. It's like trying to sell life insurance or tombstones. No one wants to deal with it until they have to. Moreover since security and privacy tends to take a tools approach its very hard to put the tools wonks in front of customers and execs. They don't communicate well with one another.
Trust me - IBM would not make a public announcement of an executive level lawyer/engineer (can you say patent attorney?) just because 'privacy' gives someone a woody. It's to create a business function that can be used to sell privacy products like PKI and smart cards, encrypted MQ, safe Notes, private email. Or it's to sell consulting services like 'how to insure your customers' privacy' or 'how to insure that employee web surfing is being tracked legally' or 'getting that search warrant for your employees home computers' and so on.
Or if I were cynical I'd put it in the "Minister of Information" category - to whit - insuring that there is absolutely no privacy at all.
But privacy is closely related to security, and anyone truly versed in security knows that policy is the real issue. You can throw all the technology at your security that you want, and if the policies are broken most likely the security will be, also. But if you have a good security policy, it will guide you on the correct technology to deploy, how to deploy it, and how to assess and manage the risks you are taking.
Read the articles, and you'll see that that's what this is about.
The living have better things to do than to continue hating the dead.
----
The Register has a good article on this also.
Sleep: A completely inadequate substitute for caffeine.
-Daniel
TiVo hired a Chief Privacy Officer about two months ago. TiVo may or may not have been the first (I don't know), but IBM was not the first as seems to be the implication here. It's good to see a big company picking up on this, though.
-----
Free P2P Backup, Windows & Linux
On the horizon, companies and consumers face serious challenges "over locational issues," whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.
From that statement she sounds paranoid enough to fit in on Slashdot so that's good enough for me. Hopefully her job allows her to do more than just sit there and sharpen pencils all day though. If she is allowed to do her job, and given the resources she needs, I think this is definitely a good thing. But, if this was purely a move by IBM to get publicity, and don't intend to give her any real power, then it's useless and will give a bad example to the rest of the industry. We'll see what happens.
Mas vale cholo, que mal acompañado.