Building a Privacy Infrastructure
To ensure a successful privacy program at your company, you should assemble a team of people focused on privacy. The fact that you are building a privacy team and making an effort in this area will help to earn your customers' trust. Your privacy team can benefit your company in the following ways:
By building a privacy strategy for your company
By creating a privacy training program
By creating a consistent message for the public
By responding effectively to privacy issues raised against your company
By ensuring compliance with privacy statutes when building Web sites, creating applications, and handling personal data
Depending on the size of your company, you might want to have a Chief Privacy Officer (CPO) and a privacy advocate in each major group. Your company should get involved in privacy conferences and join at least one privacy organization. The Council of Chief Privacy Officers (http://www.conference-board.org/search/dcouncil.cfm?councilsid=173) is one such organization that could benefit your company.
Figure 22-2 provides an example of how a privacy organization could be developed within a company. The CPO reports to a corporate executive and leads a team of people responsible for developing and executing on the corporate privacy strategy. Each major group in the company has a privacy advocate who works closely with the CPO to ensure that the privacy message is spread consistently across all groups in the company.
Figure 22-2. A privacy organizational chart.
The Role of the Chief Privacy Officer
The CPO is the person who is ultimately responsible for the corporate privacy vision and execution strategy. The CPO should have executive sponsorship and the authority to enforce the company's privacy policy across all groups. The CPO should be current on all privacy legislation that might impact your company and should at least monitor the evolution of privacy across the industry. In a company developing products and services, you don't want to lag behind your competitors when it comes to building products that enable privacy protection. In this regard, the CPO should work with each development team so that they understand their responsibility in protecting data and so that appropriate reviews are completed before any product is released.
The Role of the Privacy Advocate
The privacy advocate plays a major role in disseminating the CPO's privacy vision. He should also be prepared to formalize this vision into an action plan that is tailored for the team on which he works. In general, the privacy advocate will be responsible for the following types of tasks:
Training his team on the importance of privacy
Assisting with the creation of privacy statements
Assisting with the design of privacy features
Ensuring that privacy is part of each design specification sign-off
Heading the post-development privacy review for each component
Assisting in the resolution of any privacy issues that might involve the team