Chief Privacy Officers Coordinate Enterprise Data Protection

Forrester recently interviewed 21 chief privacy officers (CPOs) to better understand the roles and responsibilities of their positions. We found that the CPO role is primarily employed by organizations for three specific areas of responsibility: 1) setting corporate strategy and policy; 2) educating employees and third parties; and 3) assessing the effectiveness of the organization's privacy protection. CPOs seldom have an extensive budget or a team of more than four — even in the largest organizations with hundreds of thousands of sensitive records. They must be unbiased and have excellent interpersonal collaboration and negotiation skills to be successful. Ideally the CPO reports to an enterprise risk executive to maintain independence. Moving forward, CPOs will expand their purview beyond just employee and customer records. Because inappropriately used corporate intellectual property also harms corporations and requires similar sensitive handling procedures, CPOs will acquire responsibility to protect corporate records along with personal information.