The complex web of regulation in the US: the case of privacy

Abstract

Privacy regulation involving the internet presently is a complex mix of Federal laws and laws of other countries, mixed with a tangle of self-regulation. With a long queue of bills pending in the Congress, and numerous State Attorneys General looking at adopting some form of privacy legislation, privacy is a hot-button issue among regulators. All of this policy interest, coupled with growing consumer concern over privacy – especially in the aftermath of September 11, 2001 – has led many firms to realise privacy no longer is a topic that can be ignored. In response, many companies have created a new senior level, corporate post to deal with privacy issues: the Chief Privacy Officer (CPO). In 2001, there were thought to be fewer than 100 people with the CPO title, or its equivalent. That number has grown dramatically and may now exceed 1000. The CPO title now exists in organisations across industries as diverse as health care, insurance, high tech, telecommunications, universities, hospitals, and others. Not only in the USA, but around the world, firms are creating this position to sort out the legal, ethiqcal and social issues with privacy. This paper looks at the role CPOs play in establishing both corporate privacy policy as well as public privacy policy. It also examines those industries that have embraced this approach to dealing with privacy concerns, and considers the implications of this new corporate position in the ongoing debate over privacy protections.