Raising the Privacy Issue

By Mike Spinney

Given concerns about RFID, companies need a high-level privacy strategy.

  • TAGS

Legislation designed to protect an individual’s private information from misuse has given birth to a new position within organizations: the corporate privacy officer (CPO). Many companies in healthcare, financial services and other industries now have CPOs to ensure compliance with regulations. While no laws have been passed in the United States limiting the use of RFID, adopters of the technology should consider hiring a CPO, who can monitor and address the real and perceived privacy concerns inherent with RFID. A CPO can add value to an organization in three critical areas.

Corporate strategy. A CPO can help a company develop and implement privacy policies. Companies err most often when they leave privacy oversight in the hands of a manager whose primary responsibility, say marketing, may be at odds with privacy practice or when they create a position with no power to influence strategy.

“You need to have someone who is going to pay attention to privacy issues,” says Alan Chapell, president of Chapell & Associates, a marketing firm focused on research and development of privacy-compliant corporate practices. “You need someone dedicated to understanding the landscape and who is thinking three to four years down the line.”

Advocate for good privacy law. A growing number of voices are calling for regulation of RFID technology. As these voices build in volume, the CPO plays a vital role in helping legislators understand the technology’s many benefits as well as potential problems. The CPO can track proposed legislation, lobby for the RFID industry and work within industry associations to develop sound strategies that address the concerns of privacy advocates and state and federal governments.

Raise public awareness. Open communication on privacy issues and efforts to educate the public will help build credibility for the industry and individual organizations. Reacting to crises without an established and credible history of trust can appear insincere. Studies by the Ponemon Institute, a think tank dedicated to research and education on responsible information and privacy practices, and Yankelovich Partners, a consumer information and trend research company, have established a positive correlation between a company’s perceived respect for privacy and a greater willingness on behalf of customers to do business with the company.

“As far as privacy goes, our biggest challenge is consumer education,” says Sandra R. Hughes, global privacy executive at Procter & Gamble. “Right now most consumers are either unaware or miseducated about [RFID]—what it is, what it does, how it works and how it can benefit them.”

A CPO should have experience dealing with regulatory concerns; a strong understanding of state, federal and international privacy law; and a strong grounding in RFID technology. Certification through the International Association of Privacy Professionals can help ensure broad comprehension of critical privacy issues.

A CPO can help move a company’s RFID deployment forward by having a reasoned and truthful influence on the debate about the technology and consumer privacy.

Mike Spinney, a certified information privacy professional, is newsletters editor for the International Association of Privacy Professionals and a principal of the communications consultancy SixWeight. To comment on this article, click on the link below.