Re: Urgent Call For a Google At-Large Public Ombudsman

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Synthesis: Law and Technology"  
<synthesis.law.and.technology () gmail com>
Date: June 13, 2007 3:26:19 PM EDT
To: dave () farber net
Subject: Re: [IP] Re: Urgent Call For a Google At-Large Public Ombudsman

Dave,

I think Ray has it right.  The problem is probably that they feel  
they are doing everything for privacy so see no need.  Since we don't  
see what actual internal controls are in place we don't have the same  
confidence. To paraphrase a famous expression -

Privacy must not noly be done, it must be SEEN to be done.

An Ombudsteam would go a long way to helping.  It is also important  
to remember that privacy is the big issue but it is not the only  
issue that an Ombudsteam will face.


Dan Steinberg

SYNTHESIS:Law & Technology
35, du Ravin phone: (613) 794-5356
Chelsea, Quebec
J9B 1N1

On 6/13/07, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Ray Everett-Church < ray () privacyclue com>
Date: June 13, 2007 6:30:35 AM EDT
To: dave () farber net, ip () v2 listbox com
Cc: "'Ray Everett-Church'" < ray () everett org>
Subject: RE: [IP] Urgent Call For a Google At-Large Public Ombudsman

What Lauren has described is in many ways the essence of a Chief Privacy
Officer... someone who minds the store on privacy matters in a proactive
way, moving easily between technical, marketing, strategic, and legal
matters, and making sure the hard questions are asked (and answered)
long
before products launch. At many large consumer-facing companies the CPO
heads a team of privacy professionals who become a central resource for
executives and front-line personnel alike, across the entire company,
across
all business units and at all levels of the organization.

When I created the first corporate CPO position and dedicated corporate
privacy team back during the dotcom boom days, some people scoffed at
whether a dedicated privacy person (much less a whole team) was really
necessary. Yet one need only look at the evolution of the industry
over the
last decade to see that the need for a CPO role and/or team at many
organizations has been proven beyond any shadow of doubt.

My work in evangelizing the importance of the CPO role led me to a
fascinating meeting at Google back in about 2001. I was told that
they were
hiring a lawyer to work on privacy matters, but I was somewhat surprised
that they defined that "privacy" role as mostly limited to responding to
subpoenas and other similar procedural matters. When I inquired about
how
they were intending to address the bigger privacy issues that were
already
starting to nip at their heels, I was told that privacy was so deeply
engrained in the corporate ethos that they really didn't see the need
for a
role like a Chief Privacy Officer.

Apparently they still don't.

I walked away from the interview shaking my head, knowing then that
privacy
was going to be an ongoing headache for Google. The last six years have
proven me right: with almost every major product/service release,
glaring
privacy issues have been evident and the company always seems shocked
and
surprised that anybody raises the issue. Time after time, it's clear
that
stuff is going out the door without any evidence of serious attention
to, or
mitigation of, those glaring problems.

I think Lauren's proposal is sound. But when I made a similar pitch
directly
to senior level executives at Google back in 2001, and again in 2004,
the
concept was met with such resounding indifference that I was forced to
conclude that privacy at Google was evolving from a blind spot into an
elephant in the room.

Today, I fear that acceding to a proposal such as Lauren's would require
them to admit that they'd gotten this one fundamentally wrong.
Unfortunately, the hubris that led them into this blind alley will
probably
prevent them from escaping it anytime soon.

Regards,
-Ray Everett-Church
http://www.privacyclue.com



-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com



--


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com