The Rise of the Chief Privacy Officer

Your company’s responsibility as a steward of consumer data is greater than ever. Advances in technology have made it extremely easy to access and collect sensitive consumer data from disparate first, second, and third party sources, analyze that data, and then use that data to build sophisticated consumer profiles which could impact how you engage with that consumer.

Welcome to the age of the Chief Privacy Officer.

As market capabilities have grown, so too has the breadth of what could be considered sensitive consumer data.  No longer is it just name, address, birthdate, and social security number.  Collecting personal information such as transaction data at the product SKU level, digital IDs, location, viewing history, etc. is not only very easy, but also quite common.

As is the ability to tie that information directly to an individual – across both identifiable and (seemingly) anonymous online and offline activities. The technology exists to build more sophisticated Device Graphs, which connect disparate signals to a single persistent offline ID which can ultimately can be associated with an person.  Anonymous cookie ID ‘123’ can be connected to mobile device ID ‘ABC’ which is tied to IP address 123.456.789.123. Once you’re able to associate any of those signals to a individual “offline” signal (for example, a name, postal address, email address, etc.), you’re able to align all of the behavioral data through each of those channels back to that same individual.

And the number of signals that can be used for identification continue to grown.   Recent studies have shown that a phone’s battery behavior as well as the characteristics of a phone’s audio hardware are unique enough to create an anonymous identity for the device.

The responsibility of how this data is collected, the notice and choice that is provided to the consumer, how consumers can access and alter this data, and how your organization ultimately uses that data falls directly on the shoulders of the Chief Privacy Officer.

Let’s use the example of Uber’s recent study on the price elasticity of Uber rides, which showed that consumers are more likely to pay a surge fee if their battery level is low.  In this case, Uber is clearly collecting through its app (among other things) the battery level of your phone.  The obvious concern would be the use of that data in determining the price of a ride.  Uber could theoretically increase fares of consumers based upon their then current battery level, giving consumers with lower batter levels higher prices (because, theoretically, they would pay it).  This could have negative PR and legal consequences.

What is the consumer’s responsibility?

The right to collect, associate, and use this data is buried within each provider’s privacy policy.  It’s up to the consumer to understand what data is being collected, and how it is being used.  It is also the consumer’s responsibility to proactively opt out of marketing channels.

Unfortunately, technology has not made this process simple.   What was once a relatively easy offline process of opting out of receiving direct mail either through the brand or the Direct Marketing Association, has become more challenging as the number of media channels has grown.  Each channel has its own opt out process.  For example, in digital display on a browser it is – ironically – an opt out cookie that alerts brands to not track the consumer, while other channels that don’t support cookies must offer different alternatives.

What is your company’s responsibility?

This isn’t just a legal question.  A key function of the Chief Privacy Officer role is to understand not only the legal implications of actions your company takes, but also the moral and branding implications.  Ideally, actions are decided based upon what is best for the consumer, best for your company, and in compliance with local and federal laws and guidelines.

While the Chief Privacy Officer function won’t achieve the rockstar status that Chief Data Scientist has, it is certainly just as important as your company’s role as a data steward evolves.