What is called the IT department today was originally known as data processing (DP). When computer systems first began to appear in companies, the DP department reported to accounting. After all, didn’t DP merely automate what the accountants had been doing manually for years? Because of this misclassification, accounting managers were monopolizing, and hence, stifling the technological potential of DP. To address this issue, DP was moved out of accounting. Under the leadership of chief information officers instead of accountants, the IT field flourished.

The L Word

IT departments have done a great job in the last decade. Lately, however, IT hasn’t entirely been taking care of e-business. With the advent of the Web, IT has had a whole new set of problems, specifically security and privacy issues. And handling their day-to-day concerns has prevented many IT departments from adequately addressing these new issues. For many companies, the consequences of dismissing these new issues have been severe—in a word, lawsuits.

To prevent security issues from turning into lawsuits, many companies have created a new senior-level position: chief privacy officer, or CPO. Companies including American Express, AT&T, IBM, Prudential, Microsoft, and DoubleClick have already created and filled CPO positions. David Steer, spokesperson for TRUSTe (www.truste.org), a nonprofit company that certifies the privacy reliability of e-commerce sites, explained the responsibilities of CPOs to Internet World (www.internetworld.com) on November 1, 2000: “They need to be able to talk with different types of people—the general counsel, the information services people, the public relations and marketing people—and they have to have the ability to recruit and work with top experts from the outside.”

I asked Michael Heikka, editor of MC’s Decision Support section, what he thought about the new CPO position. In addition to being a writer and developer, Michael is also a California lawyer and legal consultant. (He can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..) Michael had plenty to say:

The advent of the chief privacy officer post is a good development and represents a good first step on the road to e-business maturity. While many are in denial about the fact, the activity we call e-business—global electronic commerce—presents many more legal issues than traditional business ever did. In addition to privacy rights concerns, electronic

commerce presents legal issues in many areas, including intellectual property, trade secrets, taxation, antitrust, securities, consumer protection, international trade, defamation, and regulatory compliance, to name a few. And every session of Congress yields new legislation regulating some aspect of electronic commerce. Privacy rights are one of the more recent hot topics, and many more will follow. For example, taxation of Internet commerce is continually debated and may become a reality soon.

Michael predicts that, eventually, the chief privacy officer position will be a part of a multidisciplinary legal and technical compliance team that will be staffed by technologically savvy legal professionals and legally savvy technologists. The person who leads that team may be called a chief compliance officer or may be known by some other title. Michael thinks that compliance team members will play integral roles in the development and management of e-business projects, including collaborative commerce systems, e-commerce Web sites, and B2B exchanges. The compliance team will be responsible for determining what laws apply and devising a compliance plan, as well as translating those requirements into technical specifications and best practices that the company can employ in designing its business models, Web site logic, Web site design, practices, policies, and procedures. As Michael sees it, the technology compliance team will supplement and work in concert with the existing corporate legal team, which has traditionally been responsible for mergers and acquisitions, traditional regulatory compliance, litigation, labor law, commercial, and contractual matters.

Learning the Hard Way

Michael notes that companies that don’t learn to accept the role of legal professionals may go the way of MP3.com. Imagine the money MP3.com could have saved for its shareholders had it consulted with its attorneys and followed their advice prior to starting the ill-fated My.Mp3.com service. In the spring of 2000, MP3.com established a Web service providing CD owners with what was essentially a Web storage locker that would allow CD owners to listen to music from any Web-enabled device. The music industry called MP3.com’s reproduction process (a.k.a. a sharing service) a flagrant violation of music industry copyrights, and the courts agreed.

CPO, Or Not

While this shift will be as radical, if not more so, than the shift from DP to IT, eventually, e-businesses will learn to accept the role of legal professionals in the design of e-commerce systems and in the operation and management of “New Economy” businesses. Whatever your opinion on the idea of creating yet another upper-level management position, the CPO hiring trend clearly illustrates that Internet security issues are receiving close attention.

Don Denoncourt is a freelance consultant. He can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

---

MC Press books written by Don Denoncourt available now on the MC Press Bookstore.

		Java Application Strategies for iSeries and AS/400 Explore the realities of using Java to develop real-world OS/400 applications. List Price $89.00 Now On Sale