Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
News

The CPO Cometh 36

Afterimage writes: "This article at Salon from the AP mentions several big name firms are adding chief privacy officers to their executive staffs. The general take is that these new folks are to retain customers by not infringing on personal information. I think the verdict is still out on exactly what this means, but hopefully, it's the avoidance of another DoubleClick or Toysmart.com debacle."
This discussion has been archived. No new comments can be posted.

The CPO Cometh

Comments Filter:
  • by slashdoter ( 151641 ) on Tuesday July 11, 2000 @10:50PM (#941307) Homepage
    Does Slashdot and Andover.net have a privacy officer?
  • Is this finally a sign that companies are actually listening to their customers wishes? It has been proved recently that customers do not want their details spread from one company to the next without their permission and especially without even their knowledge, and it seems like some companies are acknowledging the fact that making the same kind of privacy issue/fuckup that DoubleClick made will lose them both repsect and, more importantly, customers.

    This is a good trend for tech-savvy companies to adopt, and one that is hopefully a sign that people are becoming more aware of the issues that a networked world raises. And once a few companies have started this, hopefully the increased respect that it will gain them will make other companies follow suit.

    The law might not have worked in this case, but maybe consumer pressure will.



    ---
    Jon E. Erikson
  • I found this line a little concerning "They are being asked to educate their company, the public and legislators about privacy, said Hoffman" does this sound like a "spinmister"? I hate to see a big company try to "educate". Look at the RIAA's web site. Have you read how they "educate" their readers, it's just spin P.S BACK OFF DAMN GRAMMER JEW
  • by whm ( 67844 ) on Tuesday July 11, 2000 @10:56PM (#941310)
    The CPO is somebody who knows exactly how far they can go without pissing off their customers.

    This isn't somebody to protect privacy, this is somebody to help them get away with as much as possible.

    Heath
  • ... is so few that makes noise about how most(?) big offline shops and credit card companies and whatnot sells the information about what you buy, when and where and such things.

    It's almost scary what they have on file.

    - ask
  • Exactly, the CPO works for the company who owns the data. Why should he attempt to protect the data if it's in the companies best interests not to protect it? Whats to stop a company drawing up a long list of "exceptions"?

    In short, how well will self regulation work in this instance?
  • "Some companies name a CPO because they have a problem, and some do because they don't have a problem and want to keep doing the right thing," Lamb said. See, as soon as I saw the article I thought to myself "Wow, this is a really good thing, seems like companies really are trying to care about peoples privacy on the net". But, after some speculation and reading the article, it seems like a 50/50 mix of "We want to protect our customers rights" and "We want our customer to THINK we are protecting their rights". Don't most companies have some sort of un-official CPO? I know where I work almost all of us are involved in making sure everyone's privacy is saved. To me this is just a natural reaction, like turning on the coffee pot as soon as I wake up. Face it, just by SAYING XYZ Company hired a new CPO will instantly instill confidence in potential customers, bringing in more revenue. So for now Im going to remain neutral on this subject, till these CPO's can be proven.

    ----------------------------------
  • by Shoeboy ( 16224 ) on Tuesday July 11, 2000 @11:03PM (#941314) Homepage
    Sitting in a corner office with an executive level salary getting paid to not spy on people. This is sweet. If there's one thing I'm good at it's not doing stuff.
    --Shoeboy
  • by 91degrees ( 207121 ) on Tuesday July 11, 2000 @11:03PM (#941315) Journal
    Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.

    They manage to convince people that this is what they want. How long will it be before they can convince us that online web tracking is also what we want? People are remarkable forgiving when you give them 1% of what they spend back.
  • We'll need to see how much walking there is based on this talking. Taking privacy -- and therefore -- rights more seriously is finally a positive success for the recognition of these concerns.

    More than being a 'sexy' title (the article suggests that the old terms are 'passe'), let's see what kind of background CPOs come from, and how active and informed they are with in privacy and rights communities.

  • Aparently some companies are finally getting the whole privacy on the Internet issue. For a very long time I've been resigned to the fact that privacy on the 'net is an illusion. For all the privacy statements out there, one sometimes has to wonder just how effective they are.

    A company I used to work for (who shall remain nameless) had me develop a privacy statement for their website (at my urging). While there wern't any technical violations, the company's managment seemd to go all out to try to violate the spirit if not the letter of the statement--we were always looking for ways to grab more 'customer info' to add to the CRM database. Granted, not exactly wrong--but let's be honest, why put a privacy policy in place if you're working against it?

    That situation (and more recently Toysmart.com) have had me considering how effective privacy policies are. Perhaps putting a CPO in place will add some checks and balances to the process.

    Kudos to AT&T, Prudential, Citibank and the others. Some people seem to be getting it.

  • by toriver ( 11308 )

    How many of those three-letter titles does the business world need? I am just waiting for CIYFRHE, or Chief Insert-Your-Favourite-Role-Here Executive, shortened to CXE.

  • Right! CPO-statement: what you can't do is gather irrelevant info for your CRM DB. what you can do is buy the information from a company without a CPO.
  • Oh, you mean like this one that i've had for a couple of weeks? Now run along little boy, there's traffic to play with.

    .the anti-troll
  • The Grammar Jew now officially backs off. [slashdot.org]
    BTW your grammar is just fine :)
  • Well if we have CPO, i'm waiting for RD2...
  • According to the European Privacy Directive, which is to become law in all EU states, this is already required for EU based companies.


    © Copyright 2000 Kristian Köhntopp
  • It could be possible that people are more aware of privacy online because of the speed of the internet. What I mean is that in the online community, if a person's details are released, alot of information/spam/ads etcetera are very rapidly sent in great quantity. The propogation of information is extremely quick compared to the offline community which could be why people are so much more aware of privacy issues. This is just a theory though. D. ----
  • How much is this aimed at placating the EU and its 'safe harbour' (which seems to be dead in the water) principle?

    How many of these companies with the CPO are 'US' only and do not have a presence in the EU?

  • Don't you think it's kind of suprising how much pressure business come under to protect the privacy of it's customers and yet the privacy of it's employees (a company's second most valuable set of people) is tramped over roughshod. I think the problem stems from the laws governing employees/employer relationships. Maybe the government should "sell" laws. Thus a company could use one of a choice of laws and their choice of law would be defined by the employees likes or dislikes. You know...create a competetive market for laws which will benefit the consumers...the public. This is all getting a bit deep and I never studied politics. My head hurts. ;-)

  • Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.

    I mostly agree with you but I think if anywhere, the biggest difference is that people are at least aware of when it's possible for information to be collected about them in the real world. It's not a big secret that when purchasing something with a credit card, the transaction will be recorded by the credit company.

    What scares me about online privacy is that through things like cookies - that most people don't know about, you can be tracked almost completely invisibly without asking for it and without having any indication that it's happening. So often it relies on what's built into browsers and other apps by default and won't be turned off until someone knows about the risk. Even then, it depends on the application being bug-free and how often does that happen? (It definitely happens a lot in closed source, which like it or not most people use.)

    If the risk is known, the motivation isn't always there. Cookies and javascript can be turned off, but there's a cost because the privacy features that half the web is abusing are the same features that are essential to properly use the other half.

    Most people won't even have heard about non-obvious privacy issues like packet sniffing. If they have it's often useless because so many sites don't make any allowance for encrypted sessions unless there's obviously personal information involved. (Who they might sell it to afterwards is another issue entirely.) This is even more of a problem when home users are starting to move away from dialup connections to fixed IP addresses.

    I guess my point is that in the real world people can decide not to use a loyalty card or a credit card or they can refuse to store their money in a bank because at least they know that their actions might be recorded. But we've moved so fast that most people are either completely ignorant or otherwise incapable of doing anything serious about their online privacy except stay completely offline. I think this ignorance (and reliance on bad quality software and services) is the biggest difference.


    ===

  • These companies are just going to grab someone from Marketing or customer relations, call them the "Chief Privacy Officer", and have them arrange meetings until they have a vague clue of what they're talking about.

    That way, people who are worried about their privacy can think "Ahh, they have a CPO, which is important, like a CEO or a CFO! My privacy is insured!"

  • by mindstrm ( 20013 ) on Wednesday July 12, 2000 @03:14AM (#941329)
    We need some kind of blanket privacy law that guarantees the minimum expected privacy, namely:

    When information is given in the course of business, that information may only be used for the purposes it was given.
    NOt simply 'not sold' but 'not used' for any other purpose. So... if I give my name and address to the car dealership.. well.. I undertand that this is because I may owe them some money, and because they need to notify me of recall, etc. I could not deny that this is what I feel I have given them this information for.
    THey would be unable, however, to start sending me junkmail about anything else, or to give my information away, even to another, new department of the same company.
    The video store could take your name and address so they can track down their videos when you don't return them.. but they could *not* give the information to anyone. They could *NOT* even start sending you junkmail.

    Now.. all *any* company has to do is *ask* and they may use your information for other things. But we must make the law force them to ask. THis is called consumer protection.

    What about credit reporting? Sure.. that's fine. I mean, if I borrow money, and I give you my name, I expect that I'm giving it to you so you can identify me if I skip. You can just have it in the contract.

    This is not 'evil' or 'anti-capitalist' or 'commie'.. this is simply consumer protection. Just as we have laws regarding the rights consumers have on newly purchased 'things'. We have 'implied warranties' (it is expected that the 'thing' you bought does what it says it does when you get it home.)
  • I think the supermarkets should be required to disclose what it is they are doing with that information.

    IF they say 'In our database, we only want the demographics; we won't actually tie your name to what you bought, or ever use that information together' that's fine. I mean, I have no problem with them finding out some demographics.. 26 year old male buying food..
  • Damn, beat me to it. Cool link--thanks!

    qaeiou saeiou azeiou waeiou saeiou xaeiou eaeiou

    -=(0 Text here to avoid -1 for short post 0)=-

    daeiou caeiou raeiou faeiou vaeiou taeiou gaeiou
  • by sonnerbob ( 182513 ) on Wednesday July 12, 2000 @03:38AM (#941332) Homepage
    I'm utterly and completely outside of the corporate world of the dotcoms. Yet whatever glimpse I get of the motivations, ambitions and strategies of these enterprises indicates to me that concern for the customer comes in dead last. Customers are nothing more than fish to be seined. A customer database, the ability to market to it or leverage it for revenue, is the principle asset that any of these ventures have. So the last thing they want to respect is privacy...

    ...until it becomes a marketable aspect of their scheme. Privacy concerns being the leading issue of the day, many of these dotcoms which never batted an eyelash at respect for privacy are now installing CPOs, publishing Privacy Statements, getting their TrustE certificates, and joining the Online Privacy Alliance...all to woo the consumer with their promise of privacy leadership. The mere posting of a privacy statement doesn't mean they uphold standards to which you'd subscribe. Reading closely, you'll find it is normally a disclaimer saying they'll do what they've always done, but now their letting you read it -- if you can get through the convoluted writing.

    CPOs can be a good thing, acting as a staff watchdog to ensure that the company's direction doesn't cannibalize its customer base by losing trust with it. The simple existence of a CPO doesn't mean anything. It depends on what powers, dedication and attention he/she is given within the strategic direction of the company. On the other hand, a CPO is also the CEO's charge for positioning the company in a favorable PR light. Ray-Everett Church has done a lot to position AllAdvantage as a privacy respecting "Infomediary". Well, I guess you could stretch the definition (which was coined not by privacy advocates but by the authors of "Net Gain: Expanding Markets through Virtual Communities")

    <sigh> But then, I'm over 30, which I guess means I have an overly protective concern for my privacy in the age of the Internet. You younger kids apparently don't share the fuss (read this [zdnet.com])</sigh>

  • Good post jesterzog, I agree completely. People might not understand how credit card info gets transmitted, but at least they know they are leaving a trail when it does. The vast majority of people, even those that are net savvy, do not understand how the internet works, and cannot protect themselves against passive privacy intrusions such as cookies or packet sniffing. Most of all, they do not understand that the internet leaves the biggest paper trail of all, because it cannot be controlled by the user, or at least, the user doesn't have enough knowledge to control it. That is why privacy laws, CPOs, and more education are needed. Market sampling, customer trend databases, and information trading will always exist, but the proverbial line needs to be drawn, and soon.
  • In CA, they were popular for about two years before Albertson's purchased Lucky. That leaves two major chains as club card with club card offerings and two other major chains/companies vowing that they don't need them.

    The cards appear to be disappearing, at least here. They also lost some of their teeth after the state legislature looked into restricting how supermarkets could use info from the cards, namely, no selling to third parties.

    As for web tracking, is there a problem with Web Van creating a list of my previous purchases so they're easily accessible the next time I want to use them?

  • I still use the temporary card they gave me, never filled out the attached form or anything, and if it ever goes bad I just ask the cashier,"Customer card? I've never been here before, how do I get one?" And I get a new temporary card. I still feel bad that I'm encouraging this behavior on the part of the stores at all, however sometimes there's a huge price difference between card members and non.
  • First, as a few others here have pointed out, the mere presence of a CPO serves only to reassure customers, not to actually guarantee privacy. I suggest you not assume anything you do is private unless you know exactly how it's working.

    Second, you'll note that the CPO is only there to preserve the privacy of the customers, not the employees. If you buy something from a corp, maybe they aren't passing that info to other companies, but if you work for them, they're still reading all your email.

    Personally, I'm less concerned with the minor privacy issue of building purchase profiles and sharing them (if I'm gonna get ads tossed at me, they might as well be for stuff I might actually wnat) than the major privacy issue of your employer monitoring everything you do on company time.
  • >The CPO is somebody who knows exactly how far they can go without pissing off their customers.

    Right, Every company is going to do as much as they can get away with as long as it makes them more money. If they stop their actions just short of pissing off their customers what damage is done? As it is now they don't bother to stop short they just go forth and then apologize (sometimes).

    Sure they're not doing it in the name of privacy but that is still what is being accomplished.

    Devil Ducky
  • You've been wrong before and you are wrong again. Laws will not protect your privacy. What if I incorporate out of the US, where US law has no relevance. We already have legal mechanisms for dealing with companies that sell your data after they explicitly tell you they won't. It's called the courts. If someone tells you they are only collecting the data so they can bill your credit card and ship you your stuff, but then go and sell the list to a marketing firm, they are guilty of fraud. Plain and simple. A smart lawyer would get a class action suit ready against toysmart because he could easily win. Of course the first organization that should be sued for this sort of fraud would be the US federal government for that whole "this number is just for social security" scam.
    Stuart Eichert
  • As if corporate America needs more high level management! Already we find more and more corporations are becoming way too "top-heavy" because everyone thinks that they are a boss or that they are the ones in charge of a portion of the company (I.E. VP of Marketing, VP of Advertising, Assistant to the VP of finance, etc.) None of this crap is necessary!

    What really makes me angry is that these are also the idiots who are pulling down the really high wages that suck the lifeblood of the company and when it's apparent that the company is having financial trouble, the morons lay off hundreds to thousands of their hard working blue collar workers, whose combined salaries still don't match that of the top executives. Or, they might "release" several of the executives, but have to pay 'em six or seven digit figures as a "Severance Package"

    NO human being works hard enough to claim earning that kind of money!

    I say let's terminate with extreme prejudice (meaning NO severance package!) all top and mid level management, distribute all that wealth to hard working blue collar America and eliminate this struggle we face in trying to earn a decent living!

  • AND, someone to fire/sue when the company gets sued by it's customers over privacy concerns.

    For the customer's, it won't mean jack squat.

    -elf

  • much in the same way that there are still (!) people afraid to shop online because "what if some Bad Person gets my CC#?" as if the mail-order operators getting paid minimum wage to take your order are really that much more trustworthy with your digits...

  • You need to deal with your anger.

A physicist is an atom's way of knowing about atoms. -- George Wald

Working...