The rise of Big Data is changing company leadership structures.
The rise of local and international data-privacy laws and regulations is prompting many companies to appoint a chief privacy officer to manage risks related to the collection and use of data.
The growing presence of CPOs crosses all corporate sectors, from technology to pharmaceuticals to consulting. GSK, Cisco, CVS and State Farm have each added a CPO over the past few years.
One reason for the intensified top-level focus on data privacy is that companies’ specific concerns in this area have shifted from breaches and technology to a wide range of legal risks, including from sharing information within the organization. At the same time, data regulation is becoming more fragmented. Developments like the European Union’s Global Data Privacy Regulation and California’s new Consumer Privacy Act require companies with an international profile to be able to respond quickly to a changing regulatory and tech landscape and to make this the focus of a centralized corporate function.
Traditionally, there has been no single accepted channel through which companies addressed data protection and data privacy. Human resources was responsible when it came to employees’ information, for example, while the legal department interpreted data-related legislation and internal corporate documentation.
The new CPO role overlaps with many of these functions, but also centralizes processes and manages relationships with the various stakeholders within the company and externally. Elevating the privacy officer to senior management underscores the importance of data and privacy in corporate and risk management.
As the number of CPOs increases globally, organizations are sprouting up to support education, lobbying and the creation of jobs for the network of privacy officers. One leading group, the International Association of Privacy Professionals, founded in 2000, had over 50,000 members last year. IAPP members also include consulting firms and individual experts who provide customized solutions to data privacy–related risks.