IBM Appoints Chief Privacy Officer

Chibi writes "IBM has taken a step in what many would consider the right direction, as they have created a new position of 'Chief Privacy Officer.' They are looking at the position to be more policy-focused than technology-focused, and have appointed a lawyer to the postion."

Interesting Thought...

[Cardhore]

Carry out the common ideal here on slashdot that "information wants to be free" to its logical conclusion. Any private information about you is now free for me to know. I'm sure many people who love Napster would not like me knowing their names, home and IP addresses, internet usage histories, or a list of what magazines they subscribe to. So, would that trade off be worth it, ie. you can copy any CD's you want as long as websites can trade all the previously-thought private data that they've collected?

Consumers want to share music; corporations want to share personal information databases. Why should only one or the other be allowed to?

It's like saying if information is free all of it has to be.

Focus

[Cardhore]

They are looking at the position to be more policy-focused than technology-focused, and have appointed a lawyer to the postion.

Which OS is more policy focused: Windows 95, or Linux? I say Windows.

Which is better at securing your private data? I say Linux.

What does this tell us?

A lawyer eh?

[xee]

So, will he be like "What can we get away with?"


-------

Re:White Hat Of The Month!

[rgmoore]

I get the impression that the IBM anti-trust case had a radical impact on the company's behavior. It sounds as though their experience with the government being angry at them was sufficiently chastening that they've tended to bend over backward to avoid a repeat ever since. I almost get the impression that they've concluded that their business is so well off that they don't have to behave unethically to get an edge, and so the combined advantage of avoiding further government unfriendlyness and appearing to be nice guys is considered to be a smart business position.

the private privacy officer

[mmtowns]

Wouldn't it make sense to keep the name of the "privacy" officer (at least the chief one) private? I mean, 'undercover' cops are pretty much 'undercover' aren't they?

Let me get this straight...

[asackett]

Okay, what we have here is:

• Multinational Corporation
• An attorney
• The word "Privacy"

all used in the same paragraph. My butt cheeks are so firmly clenched that I may be driving myself to the emergency room in order that my next bowel movement can conclude successfully. I would trust an attorney with my privacy about as readily as I'd trust a rattlesnake to perform oral sex on me.

Okay, I'm at least moderately cynical and possibly more than minimally paranoid. But when a major multinational corporation appoints an attorney to a position supposedly advocating and protecting consumer privacy, and issues a press release about it, I check my calendar. Yep, sher enuff, it's still the year 2000. I still don't believe anything that comes out of an attorney's mouth, and I don't believe in a corporation that cares about me except as another contributor to the revenue stream.

If IBM has news it's released as a white paper. If it's released as a press release, it's just propaganda. Perhaps as the opposite of Your Rights Online, slashdot should have a category for this kind of thing called "Yeah Rights Online".

--

Super.

[Q*bert]

Before I went to work for IBM, they not only made me take a urine test for drugs, but also made me sign releases allowing them to check up on my financial history and "manner of living". Somehow I doubt this is going to change soon. Luckily, it was just an internship. I learned a lot of valuable things, including why not to work for IBM.

Vovida, OS VoIP
Beer recipe: free! #Source
Cold pints: $2 #Product

Nice Change for once

[I-R-Baboon]

Lawyer or not at least somebody is being hired to /protect/ privacy instead of sell and/or invade it.

Maybe this can start a new trend in the private direction in the once private world of privacy.

With a title like that...

[fonetik]

...It must be hell trying to get into his office.

Throws that who;e "Open Door" management thing right out.

Re:Reverse psychology! Way cool!

[workers_unite]

Placing government reps on corporate boards (every corporation? even 5-person outfits? who's paying for this?)

Yes, and what's the cost to the economy of Corporatism stealing from the people? That's trillions of dollars. In any case, the cost of oversight would minor. What are there, maybe 10,000 corporations in the country? Another 10K goverment employees is a drop in the bucket. Just eliminating corporate welfare would pay for it 10 times over.

Nationalization would be guaranteed to bring the French disease (labor inflexibility and lousy productivity, leading to economic contraction, unemployment and sky-high taxes, huge deficits or both) to the USA

I wouldn't use the French as my example. Their problems are with government corruption on the one hand, and too much selective corporatism on the other.

Look at Sweden. Government and the workers form a partnership. They could nationalize a lot more of their industry, but they are on the right road.

--

CPO vs. C3PO

[booch]

If a CPO is a Chief Privacy Officer, what would a C3PO be?

No it's about liability and preventing regulation

[swillden]

I can't see any way that IBM will increase its sales of security-related products by appointing someone to oversee the way in which it protects the privacy of its customers. It's much more likely that IBM wants to make sure it's doing whatever is necessary to protect its customers privacy to:

• Keep its customers happy.
• Make sure that it takes reasonable precautions to avoid liability that may be associated with violating customers' privacy.
• Encourage other companies to do the same in order to prevent the creation of onerous (to the companies) privacy regulations.

All in all, I think it's a responsible and wise move, and as a shareholder I applaud it, but I don't think it will have any real impact on sales of security products.

Re:Suggestion for Slash 2.0:

[jo42]

Ah, dot com wanker.

Just what we need!

[Martin Spamer]

Another Lawyer interfering in stuff they have little or no comprehension of. I guess we should be thankful it's not an Accountant or worse still a Marketeer.

Re:the issue of privacy

[ichimunki]

At the very least this helps them out when they get into hot water. The privacy officer is given the freedom to carp about the subject as much as necessary, but the end results are the responsibilities of IBM business managers. The privacy officer can unify and codify privacy policies for any/all subsidiaries and business lines to ensure the whole company is marginally consistent. Then, if there ever are questions from a legal standpoint there is both a person to be the lightning rod for resolution and for the board to point to and say, "hey, we care about privacy" and then hand the problem to that person.

Re:Let me get this straight...

[American AC in Paris]

I still don't believe anything that comes out of an attorney's mouth, and I don't believe in a corporation that cares about me except as another contributor to the revenue stream.

Well, they were looking for a geek to fill the role, but as fate would have it, every single applicant either got their long, curly beard caught in the escalator, snagged a red suspender loop on a coat rack, or dropped one of their Spock ears in the storm drain outside the office, and thus never actually made it to the interview.

Oh, for a world where all geeks didn't have long beards, red suspenders, and Spock ears. Of course, that's just about as likely to exist as a world with just, trustworthy attorneys. Wishful thinking, nothing more.

$ man reality

Re:Super.

[slim]

I've been led to believe this is far from unusual with US employers. IBM UK Ltd do nothing of the sort.
--

Re:Will this position be a rubber-stamp?

[rgmoore]

I think that a significant role of the privacy officer will be to research and decide on privacy policies that make the most sense from a business standpoint. As an example, one obvious thing to look at is whether guaranteeing customers' privacy would increase sales enough to make up for potential income from selling that information. If their eventual privacy decision is made based on real research (e.g. finding that selling email addresses to spammers hurts sales) it's going to be much more convincing to other corporate officers than vague ideas about breaching that privacy being morally wrong. The fact that the CPO is also a lawyer suggests that she may also be able to back that up with legal arguments about potential lawsuits caused by breaking a promise to keep certain information private.

I also suspect that IBM's history works in favor of privacy. IBM has always concentrated on selling to businesses, rather than to consumers, and those businesses are both more protective of their corporate information and more able to make a stink if it's not kept private than typical consumers. Selling private corporate information is likely to result in losing a profitable client and quite possibly a lawsuit to boot, so a business oriented company is going to want strong protections in place. That attitude is going to impact the whole corporate culture and carry over to their consumer branch.

Re:Will this position be a rubber-stamp?

[slim]

Say IBM get's a new CEO that wants to start selling the e-mail addresses of their web-store customers to other companies. Would the Privacy Officer have the power to stop this?

If the privacy policy given to said customers forbade selling on their email addresses, then that couldn't happen (unless IBM broke the law) - and that's partly what a privacy officer's job is: ensure that any services which hold data on people have a well-defined privacy policy. It's up to the customer whether or not an individual privacy policy is to their satisfaction; but anything done with the data within those boundaries is fair game.

In the UK, by the way, we have the Data Protection Act, which defines strict laws about what information you are allowed to store on individuals under what circumstances.
--

Re:Suggestion for Slash 2.0:

[talesout]

Um, did that really seem like rage to you?

I always thought rage was along the lines of cussing up a storm and basically YELLING so much that you make absolutely no sense at all. I'm just here for the entertainment. But of course, I'm guessing that sort of thing totally escapes the mentality of the common AC that thinks he can judge a person based on one conversation thread.

Re:Will this position be a rubber-stamp?

[jellicle]

If the privacy policy given to said customers forbade selling on their email addresses, then that couldn't happen (unless IBM broke the law) - and that's partly what a privacy officer's job is: ensure that any services which hold data on people have a well-defined privacy policy. It's up to the customer whether or not an individual privacy policy is to their satisfaction; but anything done with the data within those boundaries is fair game.

The problem is, that isn't true. It's doubtful whether a stated privacy policy actually creates any sort of contract between the company and customer; and there aren't any other legal obligations whatsoever. So a company can simply change their policies to ones that are much less favorable to the customer, and the customer has somewhere between zero and very little recourse. We've seen this numerous times - a half dozen of TrustE's customers have been caught blatantly violating their privacy policies and none of them have suffered any consequences whatsoever. At worst, it's a sort of "unfair business practice", for which there's little enforcement in the United States.

Re:Will this position be a rubber-stamp?

[heavyiron]

You bring up a point that adds to this role as CPO for an international organization like IBM. Since they not only do business, but have manufacturing facilities, and marketing/sales divisions around the world, all of the Privacy Policies and Laws in those geographies must be understood and adhered to.

Some time back, IBM said they wouldn't do business on the internet (even things like Advert banners) with sites that didn't have a stated privacy policy.

So I strongly doubt that this is a rubber-stamp position. What that individual's power is, and what they do with the position is, obviously, yet to be seen and proven.

Note to self

[11thangel]

Avoid companies that appoint lawyers to positions that involve my privacy (especially if lawyer has previously been a prosecutor).

Whooh! Dullsville.

[Denial of Service]

Is this a boring article, or freaking what? Sometimes, I have to wonder how the Slashdot crew is the least bit surprised at the number of trolls around here, what with real conversation starters like this masterpiece.

Geek 1 - IBM's got a new CPO. How about that?
Geek 2 - I hear he's a lawyer.
Geek 1 - A lawyer? Wow, that's a spicy meatball!

Cripes, this has absolutely no meat.

---

Central place

[Chacham]

That is nice. They'll have a central place with all the privacy policies. That gives a central place to get information on their policies and a central place to complain to. Noone can say it not their job, or push you off by saying that they'll look at it. I hope this works out well.

Will this position be a rubber-stamp?

[jayhawk88]

The idea of a privacy officer sounds great, but one has to wonder what happens if the concerns of said privacy officer start to conflict with the wishes of the company? Say IBM get's a new CEO that wants to start selling the e-mail addresses of their web-store customers to other companies. Would the Privacy Officer have the power to stop this?

The example I use is rather simplistic I realize, but this is an issue that get's more complex every day. Will company privacy policies hold up against the misguided wishes of a companies CEO, board of directors, or stockholders?

Re:If I had...

[Bob McCown]

And during your interview, Im sure she'd say "Nothing to see here, citizens, move along"

I don't get it...

[Rombuu]

So music should be freely available and downloadable by any idiot with a modem, since "information wants to be free", and software should be distributed with source code since its "wrong" to keep this information from people, yet for some reason, your name, address and phone number have some sort of sacred status??

Re:Suggestion for Slash 2.0:

[Siqnal 11]

It's misspelled in the article.

--

more privacy issues

[ancient-mariner]

an interesting column about the man personally can be found on bagledog [bagledog.com]

Re:Suggestion for Slash 2.0:

[talesout]

I believe your projecting again dumbass.

Fact:

1. I am 27.
2. I live in my own home that I have paid for.
3. My acne problems disappeared about twelve years ago.
4. I shower nightly, and occassionally take a "wake up" shower in the morning.
5. I don't have a sister, or a brother.
6. My parents are very much alive, and are such idiots that I do not understand how I even survived childhood, let alone developed any mental skills at all. But, that's probably true of most people.

The fact that I'm bored enough this afternoon to even dignify you with a reply is pretty amazing in and of itself. But, it is obvious that slashdot is pretty much for trolling and spamming anyway. No need to behave like a rational human being. You sure as shit are living proof of that aren't you?

Re:Consumer Privacy... clever

[talesout]

If you read the entire article they said something about Microsoft's Chief Privacy (blah, blah, blah) is a good example of someone "stepping up to the challenge". So I'm guessing that means that the challenge is to convince people they aren't losing control while slowly slipping the knife in between their ribs.

I know the last time that I was stupid enough to send my name to MS as a registered user I got junk mail for about six months from places I'd never heard of before. Good privacy there!

Please, mark me down. We can't have a negative thought about Microsoft on Slashdot.;-)

Yes but will they name the person?

[coupland]

I suppose it would be in violation of the spirit of the announcement for them to actually tell you who they appointed, wouldn't it? :P

Government appointed reps

[workers_unite]

Excuse me, but I don't trust any mammoth corporation to "protect me" by putting up some fake figure head.

What we need is to either nationalize these mammoth corporations, or at the very least require one government representative to be put on every board of directors -- by law -- with veto power over any decision. Only by providing oversight with a people's representative can we be assured that the riens of their extreme power can be brought under control.

Again, I'd rather see them nationalized, but I think this would be a good first step.

--

White Hat Of The Month!

[seebs]

Whitehat.com awarded part of IBM a White Hat of the Month award in February. I have no idea whether the site is still actively maintained, but WhiteHat was an attempt at replacing crap like TRUSTe with an organization that actually *cared*.

IBM is moderately serious about privacy. They are the only major vendor (except Compaq) that hasn't spammed either me or anyone I know. Gateway has spammed most of the people I know; Dell has spammed a couple of them, etcetera etcetera. IBM has had my email address in their databases for two years without bugging me, and has been very good about sending me information I asked for *and nothing else*.

I know it seems weird, but IBM may actually be one of the more ethical companies out there, in this regard.

Re:TROLL TUESADY

[medicthree]

Not Here On The West Coast! How do you feel about the student tax?

Overrated.

[smack_attack]

Screw privacy, I'd rather become famous.

Do you want to be the guy that never gives out personal information and is paranoid freak, or do you want to be the guy everyone knows about?

Of course, to give out confidential information (CC numbers, SSN, account numbers) is just stupid except where you are buying things.

This is about selling prods and services

[gelfling]

You can't sell a service if you can't name it so this is the name attached to selling that service. You sell privacy services - makes sense since as the article mentions you can't sell security explicitly. It's like trying to sell life insurance or tombstones. No one wants to deal with it until they have to. Moreover since security and privacy tends to take a tools approach its very hard to put the tools wonks in front of customers and execs. They don't communicate well with one another.

Trust me - IBM would not make a public announcement of an executive level lawyer/engineer (can you say patent attorney?) just because 'privacy' gives someone a woody. It's to create a business function that can be used to sell privacy products like PKI and smart cards, encrypted MQ, safe Notes, private email. Or it's to sell consulting services like 'how to insure your customers' privacy' or 'how to insure that employee web surfing is being tracked legally' or 'getting that search warrant for your employees home computers' and so on.

Or if I were cynical I'd put it in the "Minister of Information" category - to whit - insuring that there is absolutely no privacy at all.

Re:White Hat Of The Month!

[RickHunter]

Remember that IBM got nailed hard with an antitrust lawsuit a few years back. Ever since, they've had to be very, very careful about their behavior (since they're still a very large company) to avoid a repeat.

-RickHunter

Policy vs Technology focus - another point of view

[dpilot]

But privacy is closely related to security, and anyone truly versed in security knows that policy is the real issue. You can throw all the technology at your security that you want, and if the policies are broken most likely the security will be, also. But if you have a good security policy, it will guide you on the correct technology to deploy, how to deploy it, and how to assess and manage the risks you are taking.

Read the articles, and you'll see that that's what this is about.

Depends on how you read this

[Alien54]

I mean, what would you say if any of the following announced such a corporate position (Chief Privacy Officer) - (although It does sould like a Chief Petty Officer to me, a senior enlisted rank in the navy)

• Microsoft
• The IRS
• Al Gore/George Bush (pick one)
• Torvalds
• Your Local CouncilMan or City Official
• Your Boss
• Finance Institutions
• etc.

gets interesting after awhile ....

Reverse psychology! Way cool!

[Tau Zero]

What we need is to either nationalize these mammoth corporations, or at the very least require one government representative to be put on every board of directors -- by law -- with veto power over any decision.

Ah, a wonderful idea! Nationalization would be guaranteed to bring the French disease (labor inflexibility and lousy productivity, leading to economic contraction, unemployment and sky-high taxes, huge deficits or both) to the USA. Placing government reps on corporate boards (every corporation? even 5-person outfits? who's paying for this?) would be a wonderful way to politicize the economy in the worst way.

The resulting collapse and manipulation of the economy for political ends would discredit socialist measures on this continent for the next century, and probably lead to Constitutional prohibitions against any such meddling ever again. We could call it (between ourselves) the New Deal Socialist Repeal Act, because that's what it would produce. And about time; we've already had sixty-odd years of wretched government excess, and it'll take some shock treatment to get the sheeple to realize what it's done to them. It would be like smoking a pack of cigarettes as your introduction to tobacco; you'd never want to touch it again.

This dyed-in-the-wool libertarian capitalist says, let's do it!
"
/ \ ASCII ribbon against e-mail
\ / in HTML and M$ proprietary formats.
X
/ \

Remember _1984_?

[TWX_the_Linux_Zealot]

<conspiracy theory>

Remember, in George Orwell's "1984", many of the organizations and positions were named opposite of what they actually did... the Ministry of Peace made war, etc. Newspeak has become more and more common with corporate America (I don't know first hand about elsewhere, but I'd imagine that it's vying for its share there too), and phrases like "we must accentuate our efforts to prioritize gross revenue intake to better posture our entity in the market" and other crap like that, and eventually language will mean nothing. They might not be like _that_, but remember, just because it hasn't happened (that we know of) doesn't mean it can't happen...

</conspiracy theory>


"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."

Re: Marx

[borg_1of0]

I finally realized why Marxism will not work. "From each to his ability, To each for his needs" Duh, there are so many stupid people that the ability of the few will be stretched quite thin.

Re:Interesting Thought...

[Goonie]

Consumers want to share music; corporations want to share personal information databases. Why should only one or the other be allowed to?

Firstly:s/consumers/citizens/g.
Now that I've gotten that bugbear out of the way. My answer to the question you pose is simply: because I, and many others around here, think that a corporation's rights are subisidiary to citizens ' rights.

Return of the frat jerks

[AntiPasto]

Alright ladies! It's just me, the privacy officer, checking the bathroom...

----

Weird thing to do?

[r-jae]

How is this weird? Explain yourself. I think it's a socially responsible move by IBM.

Slashdot is a big advocate of privacy - so I would've thought that everyone would be supporting action like this.

It's a step more companies should take.

Cheers,
Daniel.

--

Daniel Zeaiter
daniel@academytiles.com.au
http://www.academytiles.com.au
ICQ: 16889511

uh huh...and this is gonna help?

[fjordboy]

policy-focused than technology-focused, and have appointed a lawyer to the postion."

Lets see...a policy driven lawyer that is going to help ibm with the privacy issues? Riiiiiight....

\/\/ow

[sckeener]

For once someone is learning from some elses mistakes....
(realplayer)

More info

[Tomcow2000]

The Register [theregister.co.uk] has a good article on this also.

Consumer Privacy... clever

[daniell]

Ah. I'm not sure how many of you read that as privacy for the company and it's employees, but apparently the intent was more to concern themselves specifically with the impact they have on other's privacy, primarily their customers'. I think that this is a very nice turn of events that there is some form of decision making going on in protecting and ensuring a level of privacy to all the people who deal with the company. This should be done everywhere in a more centralized and overall rational manner.

-Daniel

the issue of privacy

[Juliet]

the issue of privacy, from a policy position is something that is importent.. but to "create a position" and "appointing" an officer.. it seems more to be a PR thing than something with true merit.

IBM wasn't the first

[Tim Macinta]

TiVo hired a Chief Privacy Officer about two months ago [tivo.com]. TiVo may or may not have been the first (I don't know), but IBM was not the first as seems to be the implication here. It's good to see a big company picking up on this, though.

Zero sum?

[ABetterRoss]

I don't see the advantage here? Wouldn't a privacy initiative cancel out (or at least diminish) publicity efforts?

Some things just have to be private...

[ejbst25]

In many ways I look at this article and wonder if this means people will assume that IBM is trying to close itself off to people. I think with any company looking to make money...there are always things that must remain private. While this could be the problems of another company, it also has a lot to do with new innovative research, policies, etc. I don't think that this is really a surprise to anyone and was frankly surprised to even see it on slashdot. I am of the belief that this is a good and practical thing for any company of any size with the slightest amount of confidentiality/innovation to consider.

------
My opinions do not at all represent my employers.

my problem

[tralfamador]

is if this is a "policy" issue and not a "technology" issue, why wasn't this done a long time ago. if technology isn't the reason, they could have been concerned about the privacy of their customers long ago, however, they've probably already sold those names and addresses and phone numbers already.

Interesting.

[TheFlu]

I was just at TRUSTe's site, and I couldn't seem to find any information on their own Chief Privacy Officer, just a list of people on the Board of Directors. Shouldn't a company that exists solely to advocate privacy have a Chief Privacy Officer? Maybe I just didn't look hard enough.

Come one come all! (except you, the funny looking one) The Linux Pimp [thelinuxpimp.com]

It may be a good thing...

[b0z]

Well, maybe. In the article it says:

On the horizon, companies and consumers face serious challenges "over locational issues," whereby wireless technology makes it easier to pinpoint handheld and cellular phone users, Pearson warned.

From that statement she sounds paranoid enough to fit in on Slashdot so that's good enough for me. Hopefully her job allows her to do more than just sit there and sharpen pencils all day though. If she is allowed to do her job, and given the resources she needs, I think this is definitely a good thing. But, if this was purely a move by IBM to get publicity, and don't intend to give her any real power, then it's useless and will give a bad example to the rest of the industry. We'll see what happens.

Re:uh huh...and this is gonna help?

[Anonymous Coward]

Yes, this has a very good chance of helping. What would you prefer--that big, powerful companies continue to run roughshod over provacy rights as they have been, or that they take public steps like this to be responsible? Maybe this IBM effort will amount to zip in the long run, but I'd much rather see them take this step now that continue to ignore the issue as so many other companies are doing.