Now more than ever, the relationships between chief information officers (CIOs) and chief privacy officers (CPOs)
play vital roles in IT decision making.
With government initiatives such as HIPAA (the Health Insurance Portability and Accountability Act) turning up the pressure to protect customer data, organizations have recognized the need to rank privacy ahead of almost all other issues.
For example, Carl Ascenzo, CIO at Boston-based health insurance provider Blue Cross Blue Shield of Massachusetts, believes that the aggressive inclusion of privacy-oriented strategy must be part of nearly every move he makes.
"Communication around customer data privacy and security issues has become an essential piece of everything we do in IT," he said. "I only expect this to increase, and we get an extreme level of support around this from our senior leadership down."
Along with Blue Cross Blue Shield's CPO, Ron Romano, Ascenzo said that he has been working for more than two years to prepare for the April 14 deadline for compliance with HIPAA privacy standards. Romano said that his role in this process is to create far-reaching company policies with Ascenzo, while the CIO must also focus on creating a technology environment that lends itself to those goals.
"Privacy is a critical part of our infrastructure," Romano said. "Carl and I have worked to build these policies into the very fabric of everything that we do, from an IT standpoint and beyond."
As a result, the executives said that they are well prepared for the launch of the demanding new HIPAA requirements, and they feel they've been ready for some time. In order to reach this point, they have had to enlist the help of numerous teams of business, IT and marketing professionals within Blue Cross Blue Shield, Ascenzo said.
"The key to getting where you need to go is teaming to create policies that become ingrained as part of the company philosophy," he said. "And that spans from internal employees to outside providers, even to IT vendors."
According to privacy expert Ray Everett-Church of the Philadelphia-based ePrivacy Group, the role of the CPO will expand in importance. Everett-Church believes that CPOs are moving beyond simply assisting CIOs in defining policies -- they're getting into management of information infrastructure and interfacing with marketing teams.
"CPOs will not only decide how organizations define practices and relationships, they will dictate the relations companies create with customers, how they leverage these contact points, where sensitive data is stored, and, importantly, who has access," Everett-Church said.
The expert said that more and more CPOs would find themselves working with business development and legal teams and, in some cases, product development departments.
According to Peter Gregory, principal analyst at the Seattle-based HartGregory Group, CPOs may soon rank as equals to CIOs in many organizations whereas, in the past, they were often junior executive members of IT management teams.
"I think you'll see a balanced triangle between the CIO, CPO and the chief security officer," Gregory said. "The CIO can't be seen as a potential roadblock to the privacy efforts. These executives have to work as a team if an organization is going to remain on top of all the issues."
FOR MORE INFORMATION