The Emergence of the Chief Privacy Officer

tracking security breaches. The
Commission’s Web site (
warns consumers that they are not protected by French law when they give
personal information to foreign Web sites.

In Germany, Hunze says, a federal privacy official (Datenschutzbeauftrager
der Bundesregierung
) is charged with enforcing privacy laws and reports
once a year to the government and the people about the situation.

In Denmark, it would be unthinkable for a bank to give or sell consumer
lists to other companies, says Karsten Jorgensen, manager of IT strategy
for Jyske Bank, a full-service financial institution representing about
$14 billion in assets. Besides the fact that it’s illegal, says Jorgensen,
“being trusted by customers is essential, and disclosure of any privacy
leakage would be a considerable competitive disadvantage.”

Because privacy is protected by law in Europe, Hunze says, Web sites
do not need to post privacy policies to reassure consumers. Though he
has never encountered the problem before, he would have to report any
abuse of privacy at his own organization to the police. “Even selling
mailing lists is illegal,” he says, with one advantage being that Europeans
receive much less junk mail than Americans.

strict adherence to privacy guidelines is having some impact in the United
States. “When you surf the Web, you travel to lots of countries,” Hunze
points out, noting that most Europeans do not use e-commerce because they
fear for the security of their data outside their own national borders.

As American companies push for more global reach, they may be forced
to voluntarily adopt stricter guidelines. At the very least, says Polonetsky,
they should have one contact in the company who thoroughly understands
the issues.

In addition, many American consumers are getting fed up with what they
consider privacy violations. A recent survey by the Internet Policy Institute,
a Washington, D.C.-based think tank that examines issues affecting the
global development and use of the Internet, found that Americans are becoming
more concerned with protecting their privacy. More than three-quarters
of New Yorkers surveyed want federal laws to restrict what kind of personal
information can be collected online about them. Dearborn, Mich., residents
agreed, with 73% in favor of federal laws that would restrict the types
of personal information collected online.

American lawmakers seem to be listening. Numerous privacy bills are
floating around Congress, including the Consumer Internet Privacy Enhancement
Act, sponsored by Senate Commerce Committee Chairman John McCain (R-Ariz.)
and Senators John Kerry (D-Mass.), Spencer Abraham (R-Mich.), and Barbara
Boxer (D-Calif.). The bill mandates that Web sites spell out their privacy
policies and let consumers opt out of having personal information sold
to third parties. It also calls for a study of the issue for 12 to 18
months before setting firm standards.

Some firms are going beyond that timetable, however, working with industry
trade groups and the government to create privacy guidelines. The Internet
Advertising Bureau (IAB), which recently formed the Chief Privacy Officer
(CPO) Council, of which Polonetsky is co-chair, has forged an alliance
with the Federal Trade Commission to promote responsible advertising on
the Web.

companies have formed alliances to promote privacy principles of disclosure,