[IP] Re: Urgent Call For a Google At-Large Public Ombudsman

[David Farber <dave@farber.net>]

Begin forwarded message:

From: Ray Everett-Church <ray@privacyclue.com>
Date: June 13, 2007 6:30:35 AM EDT
To: dave@farber.net, ip@v2.listbox.com
Cc: "'Ray Everett-Church'" <ray@everett.org>
Subject: RE: [IP] Urgent Call For a Google At-Large Public Ombudsman

What Lauren has described is in many ways the essence of a Chief Privacy
Officer... someone who minds the store on privacy matters in a proactive
way, moving easily between technical, marketing, strategic, and legal
matters, and making sure the hard questions are asked (and answered)  
long
before products launch. At many large consumer-facing companies the CPO
heads a team of privacy professionals who become a central resource for
executives and front-line personnel alike, across the entire company,  
across
all business units and at all levels of the organization.

When I created the first corporate CPO position and dedicated corporate
privacy team back during the dotcom boom days, some people scoffed at
whether a dedicated privacy person (much less a whole team) was really
necessary. Yet one need only look at the evolution of the industry  
over the
last decade to see that the need for a CPO role and/or team at many
organizations has been proven beyond any shadow of doubt.

My work in evangelizing the importance of the CPO role led me to a
fascinating meeting at Google back in about 2001. I was told that  
they were
hiring a lawyer to work on privacy matters, but I was somewhat surprised
that they defined that "privacy" role as mostly limited to responding to
subpoenas and other similar procedural matters. When I inquired about  
how
they were intending to address the bigger privacy issues that were  
already
starting to nip at their heels, I was told that privacy was so deeply
engrained in the corporate ethos that they really didn't see the need  
for a
role like a Chief Privacy Officer.

Apparently they still don't.

I walked away from the interview shaking my head, knowing then that  
privacy
was going to be an ongoing headache for Google. The last six years have
proven me right: with almost every major product/service release,  
glaring
privacy issues have been evident and the company always seems shocked  
and
surprised that anybody raises the issue. Time after time, it's clear  
that
stuff is going out the door without any evidence of serious attention  
to, or
mitigation of, those glaring problems.

I think Lauren's proposal is sound. But when I made a similar pitch  
directly
to senior level executives at Google back in 2001, and again in 2004,  
the
concept was met with such resounding indifference that I was forced to
conclude that privacy at Google was evolving from a blind spot into an
elephant in the room.

Today, I fear that acceding to a proposal such as Lauren's would require
them to admit that they'd gotten this one fundamentally wrong.
Unfortunately, the hubris that led them into this blind alley will  
probably
prevent them from escaping it anytime soon.

Regards,
-Ray Everett-Church
http://www.privacyclue.com



-------------------------------------------