Similarly, privacy advocate Lauren Weinstein posted on his blog a call for what he termed an At-Large Public Ombudsman at Google, to help them address their ongoing privacy issues and other public policy concerns.
What both of these commentators describe is the essence of a Chief Privacy Officer (CPO). Its someone who minds the store on privacy matters in a proactive way, moving easily between technical, marketing, strategic, and legal matters, and making sure the hard questions are asked (and answered) long before products launch.
At many large consumer-facing companies the CPO heads a team of privacy professionals who become a central resource for executives and front-line personnel alike, across the entire company, across all business units and at all levels of the organization. When I created the first corporate CPO position and built one of the first dedicated corporate privacy teams back during the dotcom boom days, some people scoffed at whether a dedicated privacy person (much less a whole team) was really necessary. Yet one need only look at the evolution of the industry over the last decade to see that the need for a CPO role and/or team at many organizations has been proven beyond any shadow of doubt.
My work in evangelizing the importance of the CPO role led me to a fascinating meeting at Google back in about 2001. I was told that they were hiring a lawyer to work on privacy matters, but I was somewhat surprised that they defined that "privacy" role as mostly limited to responding to subpoenas and other similar procedural matters.
When I inquired about how they were intending to address the bigger privacy issues that were already starting to nip at their heels, I was told that privacy was so deeply engrained in the corporate ethos that they really didn't see the need for a role like a Chief Privacy Officer.
Apparently they still don't. I walked away from the meeting shaking my head, knowing then that privacy was going to be an ongoing headache for Google.
The last six years have proven me right: with almost every major product/service release, glaring privacy issues have been evident and the company always seems shocked and surprised that anybody raises the issue. Yet each time, it's clear that stuff is going out the door without any evidence of serious attention to, or mitigation of, those glaring problems.
While I hope that Google finally heeds these public calls to get serious about managing their privacy problems, I still have significant doubts.
When I was evangelizing privacy management to executives at Google back in 2001, and again in 2004, the indifference with which my efforts were met told me that privacy at Google was evolving from a blind spot into an elephant in the room.
Today, I fear that addressing this serious deficiency in their privacy process would require Googles executives to admit that they'd gotten this one fundamentally wrong. Unfortunately, the hubris that led Google into this blind alley will probably prevent them from escaping it anytime soon.
While that is good news for Googles competitors, its bad news for all of us whose privacy rests in Googles hands.