For example, the chief privacy officer (CPO) in most organizations is tasked with looking out for the welfare of customers and ordinary citizens. When it comes to collecting personal data, the CPO's inclination is to collect as little data as possible. "On the other hand," the paper says, "marketing organizations like to collect and store as much [customer and prospect data] as possible -- and furthermore, repurpose the information when new marketing and sales campaigns are considered."
Similar tension occurs between an enterprise's CIO, whose responsibility is technology, and the CPO, who may not have a technical background, the paper notes. "The CPO is often confronted with a CIO's legitimate inability to implement privacy policies due to a lack of proper privacy-enabling technology, the expense and complexity of implementing privacy policies, and the resulting fragility of current application frameworks," the report states.
In essence, this means that even if the CPO is successful in achieving consensus on the best interests of the company, the resulting policy may not be enforceable because of shortcomings in privacy technology or a lack of budget to implement that technology, the report says.
In some cases, the tensions between stakeholders may be outside the CPO's control, according to the HP researchers. For example, customers and private citizens may be at odds with marketing organizations that share their data with others or that don't make privacy policies clear.
"[The] problem occurs when marketing managers purchase lists from third parties or from their advertising agents," the report states. "Customers in the marketer's database may have opted out, yet still be sent unwanted material via the third party on behalf of the originating party. Customers view this as spam and are provoked by their inability to make an opt-out 'stick.'"
And the tensions go on. The legal department generally believes the company should collect and store as little personal information as possible; marketing generally wants to collect as much data as possible; CPOs seek to keep data available, but private; CSOs often feel that any breach could cost them their jobs; enterprises and citizens seek to keep personal data private; and law enforcement agencies need personal data to investigate and prosecute crimes.
"Products that appeal to a CPO, CSO, and the corporate legal department -- and which support the goals of citizens and law enforcement agencies -- have the best chance for success," the report states.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message