CPOs: Hot or Not?

This article discusses the emergence of chief privacy officers (CPO) upon the development of regulations in the U.S. Far from creating a second CPO boom, the regulations may actually be splitting privacy measures between two camps. Those in the CPO Classic camp advocate hiring genuine corporate officers charged with proactively considering the ethical, competitive and strategic implications of privacy. The Compliance is King camp is focused on meeting the letter of various federal, industry and state privacy regulations. There is a widespread agreement that the explosion of privacy regulations, combined with limited resources, has produced heavy emphasis on compliance. A perfect example of compliance-driven privacy measures is the Health Insurance Portability and Accountability Act mandate that any health-care-related business name a privacy officer. This includes major hospital chains and a seven-person dental office. Membership in the leading CPO group, the International Association of Privacy Professionals is about 1,000 as of March 2004. Because of mergers among privacy groups, apples-to-apples comparisons are difficult to come by. In addition, it seems clear that the relationship between a CPO and his employer's information technology organization is critical.