ARCHIVE: ORGANIZATIONAL EXCELLENCE
Chief Privacy Officers: From Police Officers to Relationship Managers
Rhonda St. Croix, Senior Manager, Executive Networks, Organizational Excellence
Winter 2009

Organizations must harness data for productive and innovative use to succeed in this information age, but they must also comply with privacy obligations. The role of chief privacy officers (CPOs) is evolving into one in which they have to build relationships with those around them. No relationship is more important than the one between the chief privacy officer and the chief information officer (CIO) in protecting the vast amount of data that flows through an organization.

An October 2008 joint meeting of two Conference Board executive networks, the Council of Chief Privacy Officers and the Council of Chief Information Officers, brought together 60 CPOs and CIOs to discuss ways to improve understanding and teamwork between these positions. The meeting included tips from General Electric’s CPO Nuala O’Connor Kelly and Chief Information Security Officer Grady Summers, who are known for their successful teamwork.

Meeting participants also noted that the organizational benefits of collaborative processes and decision making between CPOs and CIOs extend beyond a good relationship between two key executives. The framework for collaborative decision making between the CIO and CPO can be used as a model and applied to other peer relationships within organizations.

Bridging the Gaps

The following actions can bridge gaps in understanding and teamwork between CPOs and CIOs:
- Achieve high-level alignment with organizational strategy. Privacy programs must balance two competing needs: the desire to use data for competitive purposes and legal obligations. CPOs and CIOs need to take a high-level perspective and align their programs with business strategies to embed privacy awareness and data protection into the organizational culture. It is also important to account for the needs of other stakeholders such as human resources, which holds employee data, and marketing, which owns customer data.
- Clarify roles with effective policies and processes. CIOs and CPOs cannot rely on the chief executive officer to help them set priorities because of the demands on the latter’s time. CIOs and CPOs need to work together to meet common organizational objectives. They should assume joint accountability to ensure they meet business objectives and achieve privacy standards.
- Become trusted advisors to each other in order to integrate privacy programs with information technology (IT) systems. CPOs and CIOs must meet regularly and know when to communicate with each other. In addition, it is important to build privacy requirements into project plans and timelines early in any IT project planning process, so CPOs and CIOs should jointly create and use a checklist.
- Create a common language and opportunities to share knowledge. CPOs and CIOs should identify core knowledge that they need to share and develop a common language for it.
- Leverage existing IT systems and processes to build privacy awareness. IT interacts with workers throughout organizations. Organizations can enhance privacy awareness by incorporating it into existing processes such as communications, training and education, and audit and assessment, and by using technology appropriately.
- Remember the old accounting adage: “What gets measured gets done.” Privacy metrics should be on the CEO dashboard or balanced scorecard, and should be part of the monthly operating review of business units.