On a number of occasions I’ve had strong disagreements with Lauren, but I’m with him on this one. Unfortunately though, I just don’t see it happening. Why? Here is my response to the discussion thread on IP:
What Lauren has described is in many ways the essence of a Chief Privacy Officer… someone who minds the store on privacy matters in a proactive way, moving easily between technical, marketing, strategic, and legal matters, and making sure the hard questions are asked (and answered) long before products launch. At many large consumer-facing companies the CPO heads a team of privacy professionals who become a central resource for executives and front-line personnel alike, across the entire company, across all business units and at all levels of the organization.
When I created the first corporate CPO position and dedicated corporate privacy team back during the dotcom boom days, some people scoffed at whether a dedicated privacy person (much less a whole team) was really necessary. Yet one need only look at the evolution of the industry over the last decade to see that the need for a CPO role and/or team at many organizations has been proven beyond any shadow of doubt.
My work in evangelizing the importance of the CPO role led me to a fascinating meeting at Google back in about 2001. I was told that they were hiring a lawyer to work on privacy matters, but I was somewhat surprised that they defined that “privacy” role as mostly limited to responding to subpoenas and other similar procedural matters. When I inquired about how they were intending to address the bigger privacy issues that were already starting to nip at their heels, I was told that privacy was so deeply engrained in the corporate ethos that they really didn’t see the need for a role like a Chief Privacy Officer.
Apparently they still don’t.
I walked away from the interview shaking my head, knowing then that privacy was going to be an ongoing headache for Google. The last six years have proven me right: with almost every major product/service release, glaring privacy issues have been evident and the company always seems shocked and surprised that anybody raises the issue. Time after time, it’s clear that stuff is going out the door without any evidence of serious attention to, or mitigation of, those glaring problems.
I think Lauren’s proposal is sound. But when I made a similar pitch directly to senior level executives at Google back in 2001, and again in 2004, the concept was met with such resounding indifference that I was forced to conclude that privacy at Google was evolving from a blind spot into an elephant in the room.
Today, I fear that acceding to a proposal such as Lauren’s would require them to admit that they’d gotten this one fundamentally wrong. Unfortunately, the hubris that led them into this blind alley will probably prevent them from escaping it anytime soon.