Ad evolution
Perhaps there is no better person to discuss the evolution of the privacy profession than Jennifer Barrett Glasgow.
That's because she is widely considered to be the first-ever CPO and on the front lines today of an ongoing debate over internet privacy issues.
Two decades ago, Glasgow was tapped to create a privacy program at the marketing services firm Acxiom. At the time, Acxiom had just acquired a data company called InfoBase, which maintained a repository of customer intelligence that was gathered from public records and surveys for marketing purposes.
Now in the market to sell data, company leaders quickly realised they had to learn how to do so appropriately, while also generating revenue.
“It was in 1991 that I was asked to look at this thing called privacy and what it meant to the company,” Glasgow recalls. “I started out thinking it would be a 12- to 18-month project to figure out what we should be doing. And here I am 20 years later, though it's a very different scope and scale.”
Many of the regulations with which the company must currently comply didn't exist even five years ago, she says. For a global firm, navigating the changing regulatory landscape requires a dedicated team of personnel and constant monitoring.
These days, the organisation has a global privacy team of about 15 employees, organised geographically by region, focusing on the Americas, Europe, Asia-Pacific and Northern Africa.
The group establishes policies based on regulations, recommendations and industry best practices. It also helps to roll out the policies across its individual lines of business, which are ultimately responsible for maintaining compliance.
The privacy department also functions as an internal auditor, conducting periodic compliance reviews, Glasgow explains. As the company considers acquiring new products, the team conducts impact assessments to ensure compliance with company policy can be achieved.
Besides the growth in federal and state regulations, one of the changes impacting Acxiom's privacy program is the surge of so-called passive data collection, Glasgow says. When browsing the web for products or services, a cookie, or small data file, may be placed on a user's computer to allow advertising firms to silently track the URLs that user visits, as well as the date, time and duration of each visit. This data collection helps advertisers increase the effectiveness of their campaigns by serving consumers ads based on their preferences.
But, it has sparked an intense privacy debate that is currently playing out in Congress. A “do-not-track” bill, introduced in the US Senate in May, would offer web users the option to prevent advertising and marketing companies from collecting information about their web-browsing activities. The Do-Not-Track Online Act of 2011, introduced by Senator Jay Rockefeller is widely supported by a number of US privacy groups, including the American Civil Liberties Union and Electronic Frontier Foundation.
Members of the online advertising community, however, argue that such a law would hamper innovation and say the industry's self-regulation of such advertising has been effective to date.
Ultimately, advertising firms, like all companies that collect sensitive information, are obligated to protect consumers' data and consider privacy issues in any new products and services they offer, Glasgow says.
One of the questions privacy professionals must ask themselves is how much data stored on their networks is too much. “There's no-one-size-fits-all answer, but you need to be thinking about that,” she says.
 |
|
Microsoft: Privacy by Design Privacy, like security, must be considered during the development of new products and services – not after the fact, says Brendon Lynch, CPO of Microsoft. The approach, dubbed Privacy by Design (PbD), recently has risen to popularity within the privacy community, but is actually an idea Microsoft embraced when it started its privacy program more than a decade ago, he says. PbD was used, for instance, in the development of Microsoft's new, controller-free gaming and entertainment console, Kinect for Xbox 360. The system, which lets users control video games with their own voice and body movements, posed some unique privacy challenges due to its use of facial and body recognition technology to identify players. “The outcome is that we delivered it in a way that biometric information is only used on the device and never shared back to a server, and not stored in a way that can personally identify anyone,” Lynch says. The computing giant has more than 40 full-time privacy professionals and another 400 individuals who oversee privacy policies as a part of their role. Lynch says companies should work to manage data responsibly as part of a comprehensive privacy policy. It also is vital to be transparent about privacy practices and provide customers with a choice about how their data is used. He says failing to do so could not only tarnish a company's reputation, but also hinder its bottom line. “If we aren't responsible custodians of information, it's going to have a significant impact on our business." |
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
