The IBM veteran, who also is a lawyer and engineer, will assume her responsibilities immediately, working out of a Washington, D.C., office.
Across North America, companies large and small increasingly are recognizing the need for someone who is in charge of establishing and maintaining privacy policies. But until recently, that role was grossly misunderstood, privacy experts say.
The focus on technology, such as firewalls or encryption, has wrongly cast privacy as a technical matter rather than a policy issue, Malik said.
"The tendency to turn the human issue of a potential privacy breach into a decision of technology and firewalls too often distracts and bores the executive leadership team," he said.
Malik said that while some companies treat privacy as a mere technical issue, shareholders appear to be much smarter.
With the uproar over how high-profile companies such as DoubleClick and RealNetworks handle personal data, consumers and corporations are beginning to see privacy as something more than the ability to protect information, but rather how to handle it.
"We're not able to talk about privacy risk in simple terms," Malik said. "We're missing the vocabulary, and the chief privacy officer is the person who should be able to take these random data and translate them" into plain English.
"I expect I will spend a lot of time talking to our customers about these issues, what kind of resources are out there, and what they can do to manage these issues," she said.
Pearson's responsibilities will be broad, as she develops privacy policies for IBM and works with the software and technology groups to ensure the company's products adhere to privacy standards.
IBM puts focus on privacy with new executive post
Harriet Pearson, Chief Privacy Officer, IBM
"More and more software being written today is network-aware, and that presents some interesting challenges," he said. "If you start shipping data off across the Internet from some piece of software and consumers are not aware of that, that could get the company into some sticky legal issues."
Richard Purcell, Microsoft's director of corporate privacy, is a good example of someone meeting the challenges of the role, Smith said.
"What is privacy?" Pearson said. "I define it as the ability of an individual to control how data about them is used and managed."
Because business demands access to certain kinds of private information, such as credit reports, consumers must relinquish some control over information. "In any society, you or I will never have complete control over information," she said.
Pearson said one of the hottest privacy issues is how Web-based businesses articulate and implement privacy policies.
"I want to work with industry to make privacy statements simpler, easier to understand, and much easier to communicate what they're doing with the information," she said.
On the horizon, companies and consumers face serious challenges "over locational issues," whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.
"The question is who has access to that information and what happens to it," she said. While the Federal Trade Commission has asked cell phone manufacturers to file reports on access to location information, how that information will be used is uncertain, she added.
Malik said that while it's important for technology companies to develop sound privacy policies, it's more critical to ensure those standards are upheld as goods and services are delivered to the public.
"I'm interested in seeing banks, consumer product organizations (and) automobile manufacturers providing chief privacy officers to be assured that someone is acting as ombudsman to protect the personal data I chose to provide that organization," he said.