What is called the IT department today was originally known as data processing (DP). When computer systems first began to appear in companies, the DP department reported to accounting. After all, didnt DP merely automate what the accountants had been doing manually for years? Because of this misclassification, accounting managers were monopolizing, and hence, stifling the technological potential of DP. To address this issue, DP was moved out of accounting. Under the leadership of chief information officers instead of accountants, the IT field flourished.
The L Word
IT departments have done a great job in the last decade. Lately, however, IT hasnt entirely been taking care of e-business. With the advent of the Web, IT has had a whole new set of problems, specifically security and privacy issues. And handling their day-to-day concerns has prevented many IT departments from adequately addressing these new issues. For many companies, the consequences of dismissing these new issues have been severein a word, lawsuits.
To prevent security issues from turning into lawsuits, many companies have created a new senior-level position: chief privacy officer, or CPO. Companies including American Express, AT&T, IBM, Prudential, Microsoft, and DoubleClick have already created and filled CPO positions. David Steer, spokesperson for TRUSTe (www.truste.org), a nonprofit company that certifies the privacy reliability of e-commerce sites, explained the responsibilities of CPOs to Internet World (www.internetworld.com) on November 1, 2000: They need to be able to talk with different types of peoplethe general counsel, the information services people, the public relations and marketing peopleand they have to have the ability to recruit and work with top experts from the outside.
I asked Michael Heikka, editor of MCs Decision Support section, what he thought about the new CPO position. In addition to being a writer and developer, Michael is also a California lawyer and legal consultant. (He can be reached at
The advent of the chief privacy officer post is a good development and represents a good first step on the road to e-business maturity. While many are in denial about the fact, the activity we call e-businessglobal electronic commercepresents many more legal issues than traditional business ever did. In addition to privacy rights concerns, electronic
commerce presents legal issues in many areas, including intellectual property, trade secrets, taxation, antitrust, securities, consumer protection, international trade, defamation, and regulatory compliance, to name a few. And every session of Congress yields new legislation regulating some aspect of electronic commerce. Privacy rights are one of the more recent hot topics, and many more will follow. For example, taxation of Internet commerce is continually debated and may become a reality soon.
Michael predicts that, eventually, the chief privacy officer position will be a part of a multidisciplinary legal and technical compliance team that will be staffed by technologically savvy legal professionals and legally savvy technologists. The person who leads that team may be called a chief compliance officer or may be known by some other title. Michael thinks that compliance team members will play integral roles in the development and management of e-business projects, including collaborative commerce systems, e-commerce Web sites, and B2B exchanges. The compliance team will be responsible for determining what laws apply and devising a compliance plan, as well as translating those requirements into technical specifications and best practices that the company can employ in designing its business models, Web site logic, Web site design, practices, policies, and procedures. As Michael sees it, the technology compliance team will supplement and work in concert with the existing corporate legal team, which has traditionally been responsible for mergers and acquisitions, traditional regulatory compliance, litigation, labor law, commercial, and contractual matters.
Learning the Hard Way
Michael notes that companies that dont learn to accept the role of legal professionals may go the way of MP3.com. Imagine the money MP3.com could have saved for its shareholders had it consulted with its attorneys and followed their advice prior to starting the ill-fated My.Mp3.com service. In the spring of 2000, MP3.com established a Web service providing CD owners with what was essentially a Web storage locker that would allow CD owners to listen to music from any Web-enabled device. The music industry called MP3.coms reproduction process (a.k.a. a sharing service) a flagrant violation of music industry copyrights, and the courts agreed.
CPO, Or Not
While this shift will be as radical, if not more so, than the shift from DP to IT, eventually, e-businesses will learn to accept the role of legal professionals in the design of e-commerce systems and in the operation and management of New Economy businesses. Whatever your opinion on the idea of creating yet another upper-level management position, the CPO hiring trend clearly illustrates that Internet security issues are receiving close attention.