Chief Privacy Officer

The Chief Privacy Officer (CPO) is a senior level executive within a business or organization who is responsible for managing the risks and business impacts of privacy laws and policies. The CPO position is relatively new and was created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations, including, but not limited to, legislation concerning the protection of patient medical records (e.g., The Health Insurance Portability and Accountability Act of 1996, or HIPAA) and the use and safeguarding of consumer financial and banking transactions (e.g., The Fair Credit Reporting Act and its Disposal Rule, and the Gramm-Leach-Bliley Act and its Safeguards Rule and Financial Privacy Rule).

The position was first established at the Internet advertising firm AllAdvantage in August 1999, when it appointed privacy lawyer Ray Everett-Church to the newly created position, starting a trend that quickly spread among major corporations, both offline and online. The role of the Chief Privacy Officer was solidified within the U.S. corporate world in November 2000 with the naming of Harriet Pearson as Chief Privacy Officer for IBM Corporation. That event prompted one influential analyst to declare, "the chief privacy officer is a trend whose time has come."

By 2001, the non-profit research organization Privacy and American Business reported that a significant number of Fortune 500 firms had appointed senior executives with the title or role of Chief Privacy Officer. The growth of the Chief Privacy Officer trend was further fueled by the European Union's passage in the late 1990s of data privacy laws and regulations that included a requirement for all corporations to have an individual designated to be accountable for privacy compliance.

By 2002, the position of Chief Privacy Officer and similar privacy-related management positions were sufficiently widespread to support the creation of professional societies and trade associations to promote training and certification programs. In 2002 the largest of these organizations, the Privacy Officers Association and the Association of Corporate Privacy Officers, merged to form the International Association of Privacy Officers, which was later renamed the International Association of Privacy Professionals (IAPP). Today the IAPP holds several conferences and training seminars each year around the world, hosting thousands of association members spanning hundreds of major global corporations and government agencies, with hundreds of executives seeking certification programs in privacy management practices.