What is a Chief Privacy Officer? An Analysis Based on Mintzberg's Taxonomy of Managerial Roles

Abstract

Given the growing concern over information privacy abuse, potential lawsuits, and threats of increased government privacy legislation, an increasing number of firms are resorting to Chief Privacy Officers (CPOs) as a means to cope with information privacy. However, little is yet known about the job responsibilities and roles of this emerging corporate position. This study examines the critical managerial roles of CPOs. Drawing from in-depth interviews at three large firms and from secondary sources of data, this study uses Mintzberg's framework for managerial work to develop a taxonomy of key managerial roles for the emerging position of Chief Privacy Officer. From our analysis, we conclude that Chief Privacy Officers function with role responsibilities in four main areas: informational (monitor, disseminator, spokesperson), interpersonal (figurehead, liaison), conflict management (disturbance handler, negotiator), and strategic management (entrepreneur). Our analysis also suggests that no single managerial role is most important. Rather, multiple roles are required of CPOs. To meet these multiple role requirements, effective CPOs must possess strong business, communications, and technical skills. Our results suggest that Chief Privacy Officers tend to operate at high levels of organizational hierarchies as evidenced by the importance of their externally related job roles of figurehead, liaison, and spokesperson.