Analysis of industry-specific concentration of CPOs in Fortune 500 companies

Abstract

In June 2005, a unIt of LexIs-nexIs dIscovered the theft of 310,000 customer records containing sensitive information such as customer names, addresses, social security numbers, and driver's license numbers. 5 This incident followed closely on the occasion of ChoicePoint's disclosure of the theft of personally identifiable information (PII) of hundreds of thousands of customers and Bank of America's declaration that it lost backup tapes containing information on 1.2 million customers. 16 Given the seriousness of the matter, firms are struggling with finding ways to best ensure the privacy of their customer's and employees' sensitive data. Regulatory systems, especially those in the U.S., have been very active in the past four years in trying to find ways to combat such problems; for example, in mid-2002, as many as 80 privacy laws were being considered by the U.S. Congress. Such highly publicized laws as HIPPA, Sarbanes-Oxley, and the Gra-ham-Leach-Bliley Act have profoundly changed the firm's responsibilities to protect the privacy of information of its key stakeholders. However, laws and technology alone cannot ensure the implementation of safe privacy policies ; Vijayan 13 discusses a number of difficulties in applying new technologies and inventing new business practices to monitor and ensure privacy compliance, respecting stakeholder privacy choices, and overseeing the privacy practices of business suppliers, partners, and vendors. Therefore, privacy is viewed by many organizations as a vital management issue , shaped by a complex environmental factors emanating from economic, political, social and technological factors. Recently, a number of firms and public sector entities began to address the issue of privacy in a more radical way through the creation of a new corporate wide job function—that of chief privacy officer (CPO). A number of academic and practitioners attribute the emergence of this position to a public awareness of privacy. 10 The position of the CPO is a relatively new one; the first CPO being hired in 1999. 1 Given the novelty of this position, it can be expected that one finds most of the CPO literature to be prescriptive in nature. Some describe the key functions of the CPO, and others look into the required capabilities and competencies of the position. To the best of our knowledge , no study has investigated the level of concentration of CPOs in specific industries; such as, why some organizations decide to create a CPO position while others, decide against it. This study addresses the CPO concentration …

DOI: 10.1145/1498765.1498802

Extracted Key Phrases

1 Figure or Table

Cite this paper

@article{Shalhoub2009AnalysisOI, title={Analysis of industry-specific concentration of CPOs in Fortune 500 companies}, author={Zeinab Karake Shalhoub}, journal={Commun. ACM}, year={2009}, volume={52}, pages={136-141} }