Privacy officers at the table

by Ann Harrison
Be the first to comment | 1I like it!
More »
on this topic
March 13, 2001, 10:53 AM —  Computerworld — 

When large companies first began appointing chief privacy officers last year, Sally Cowan found herself pioneering a position at American Express Co. that upheld the firm's long-standing information practices. After 16 years working as a lawyer in the general counsel office, Cowan was appointed American Express' vice president of privacy and data protection.

"I advised the business worldwide in customer protection and privacy issues, and I was very familiar with the issues that the company faced in data and privacy protections," says Cowan. "When the company created this position, it was not a customer service or legal or PR position. This is truly a business issue."

New York-based American Express has been a forerunner in privacy. In 1974, it became the first financial services firm to give customers the ability to opt out of its direct marketing efforts. In 1991, it published employee privacy principals, and in 1998, it became one of the first businesses to post an Internet privacy statement. The company doesn't sell customer data and doesn't give customer e-mail addresses to third-party marketers.

With 48 million cardholders and close to 90,000 employees worldwide, American Express must apply those privacy policies globally. Cowan discovered that not all the privacy statements on the company's international Web sites were consistent, and some weren't posted in local languages. In one case, a privacy statement hadn't been updated when the site shifted from an informative site to an interactive site. The statement was changed, says Cowan. "We tell our customers the information we collect and what we do with it," she says.

One of the toughest jobs for chief privacy officers is creating a corporate culture that's sensitive to privacy concerns. All new employees get basic privacy training, and Cowan says the company plans to increase this instruction for employees at every level.

Cowan says one of her biggest challenges is making sure that all worldwide product development addresses privacy issues. She says American Express is creating a checklist to ensure that these issues are addressed early in the design phase. It has also designated "privacy champions" in global business units to ensure that attention is paid to local privacy issues.

Cowan says a key part of her job involves listening to customers' concerns and giving them the tools to protect their privacy. Last year, the company launched the first in a suite of privacy products that lets card members shop online without using their Amex credit card numbers. The company will soon offer a private browsing product that will allow customers to choose the amount of information they share when surfing.

Cowan says these privacy tools are an example of how industry self-regulation can work. "The marketplace will determine whether our customers trust us and want to continue doing business with us, and the marketplace will determine -- and should determine -- the rules of privacy," she says.

» posted by ITworld staff

Computerworld

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
view all newsletters »
Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
Marketplace