The Rise of the Privacy Officer

A Chief Privacy Officer (CPO) is a relatively new role in business, even though ideas about privacy have been germinating since the 1970s. Back then, before the explosion of digital information, most of what individuals left as a footprint was based on things that could be attributed to us personally. So, buying a house or a car, or being arrested—anything that you did personally that left a paper trail could be considered a privacy issue. For the US, the U.S. Privacy Act was innovative legislation, incorporating ideas like data minimization, right to access, and right to correct—it is limited to data collected by the US government from its citizens. The Privacy Act had no impact on private industry or what data could or could not be collected on the Internet by companies, but it was a start in addressing personal privacy. Where things started to change was with health care information.

For the European Union (EU) in the early 1970s, countries like the United Kingdom began adopting broad laws intended to protect individual privacy. Throughout the world, there is a general movement toward the adoption of comprehensive privacy laws that set a framework for protection. Most of these laws are based on the models introduced by the Organization for Economic Cooperation and Development and the Council of Europe.

In 1995, conscious of both the shortcomings of the law, and the many differences in the level of protection in each of ...