IBM appoints chief privacy officer

Big Blue will name Harriet P. Pearson chief privacy officer on Wednesday, as the company jumps on one of the most important policy trends in business.

3 min read
WASHINGTON--IBM will name Harriet P. Pearson chief privacy officer on Wednesday, as the company jumps on one of the most important policy trends in business.

Gartner analyst Bill Malik says the creation of a privacy czar at IBM signals a trend that all other consumer-oriented companies would be smart to follow.

see commentary

"The chief privacy officer is a trend whose time has come," said Gartner analyst Bill Malik.

The IBM veteran, who also is a lawyer and engineer, will assume her responsibilities immediately, working out of a Washington, D.C., office.

Across North America, companies large and small increasingly are recognizing the need for someone who is in charge of establishing and maintaining privacy policies. But until recently, that role was grossly misunderstood, privacy experts say.

The focus on technology, such as firewalls or encryption, has wrongly cast privacy as a technical matter rather than a policy issue, Malik said.

"The tendency to turn the human issue of a potential privacy breach into a decision of technology and firewalls too often distracts and bores the executive leadership team," he said.

Malik said that while some companies treat privacy as a mere technical issue, shareholders appear to be much smarter.

"They're getting privacy policy questions at their annual meetings from shareholders," he said. "That's not a question about technology but about governance."

With the uproar over how high-profile companies such as DoubleClick and RealNetworks handle personal data, consumers and corporations are beginning to see privacy as something more than the ability to protect information, but rather how to handle it.

"We're not able to talk about privacy risk in simple terms," Malik said. "We're missing the vocabulary, and the chief privacy officer is the person who should be able to take these random data and translate them" into plain English.

Pearson's responsibilities will include just that, articulating privacy policy for both Armonk, N.Y.-based IBM and its customers.

"I expect I will spend a lot of time talking to our customers about these issues, what kind of resources are out there, and what they can do to manage these issues," she said.

Pearson's responsibilities will be broad, as she develops privacy policies for IBM and works with the software and technology groups to ensure the company's products adhere to privacy standards.

Click here to Play

IBM puts focus on privacy with new executive post
Harriet Pearson, Chief Privacy Officer, IBM

Richard Smith, chief technology officer with the Privacy Foundation, described the chief privacy officer as "a multifaceted job" that is essential for technology companies.

"More and more software being written today is network-aware, and that presents some interesting challenges," he said. "If you start shipping data off across the Internet from some piece of software and consumers are not aware of that, that could get the company into some sticky legal issues."

Richard Purcell, Microsoft's director of corporate privacy, is a good example of someone meeting the challenges of the role, Smith said.

"What is privacy?" Pearson said. "I define it as the ability of an individual to control how data about them is used and managed."

Because business demands access to certain kinds of private information, such as credit reports, consumers must relinquish some control over information. "In any society, you or I will never have complete control over information," she said.

Pearson said one of the hottest privacy issues is how Web-based businesses articulate and implement privacy policies.

"I want to work with industry to make privacy statements simpler, easier to understand, and much easier to communicate what they're doing with the information," she said.

On the horizon, companies and consumers face serious challenges "over locational issues," whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.

"The question is who has access to that information and what happens to it," she said. While the Federal Trade Commission has asked cell phone manufacturers to file reports on access to location information, how that information will be used is uncertain, she added.

Malik said that while it's important for technology companies to develop sound privacy policies, it's more critical to ensure those standards are upheld as goods and services are delivered to the public.

"I'm interested in seeing banks, consumer product organizations (and) automobile manufacturers providing chief privacy officers to be assured that someone is acting as ombudsman to protect the personal data I chose to provide that organization," he said.