Wednesday, April 30, 2014
Corporate Privacy Problems Start at the Top
Following up on my post from earlier in the week, in my new project, Corporate Privacy Problems Start at the Top, I argue that the privacy preferences of key corporate executives can play an important role in determining the privacy practices of a corporation.
If courts or congress or the SEC clarify that corporate executives must give up their privacy and disclose to shareholders any personal information about themselves that shareholders might consider relevant, then we would expect to see a sorting effect in which individuals who care about privacy will choose other career paths and options. This will tend to result in overrepresentation among corporate executives who come from the side of the privacy spectrum that does not value privacy. This sorting effect likely already exists, although in a weaker form, even with the current ambiguity regarding the ability of corporate executives to maintain their privacy.
In his research, privacy scholar Alan Westin found that individuals on the "privacy unconcerned" side of the privacy preferences spectrum, not only did not care about their own privacy, but actually did not understand what the privacy fuss was all about. If Westin is right, then corporate leaders drawn from that portion of the privacy spectrum are likely to be unable to accurately understand the extent to which employees and consumers value privacy. This is particularly an issue when a particular corporate decision is not itself about privacy, but has privacy implications that the corporate executive may not even recognize.
Even without Westin's conclusion, we might expect that individuals who have traded their own privacy in order to pursue their financial and corporate leadership dreams, would want to validate that decision by expecting that others (employees, consumers) would also be willing to trade their privacy to obtain things such as employment or the corporate product. Either way, if the corporate decisionmakers care less about privacy they are less likely to place a high value on privacy in the running of the corporation.
This understanding is consistent with management scholar H. Jeff Smith's landmark 1994 study of corporate privacy preferences in which he found that corporate executives almost entirely ignored privacy decisions, leaving them to midlevel managers. It is also, however, consistent with Kenneth Bamberger and Deirdre K. Mulligan's subsequent study, "Privacy on the Books and on the Ground", 63 Stan. L. Rev 247 (2010)" in which they studied the practices of corporations who are considered industry leaders in privacy. One of the main characteristics they found among those corporate privacy leaders is the rise of the "chief privacy officer" positions. For various reasons, CPO's are more likely to be individuals who themselves value privacy. Furthermore, because their entire role is dedicated to spotting potential privacy issues even when a corporate decision does not seem to be about privacy, the rise of CPO's means that there is someone in the corporate suite who can bring the privacy issues to the table, in the way that the other corporate executives may not be able to do. This suggests that CPO's can be even more important as a matter of good corporate governance than previously recognized in order to overcome the lack of privacy priorities by the rest of the corporate suite.
Posted by Victoria Schwartz on April 30, 2014 at 02:21 PM | Permalink
I wonder about how this sorting mechanism would work in practice.
Suppose you were to poll law professors about their interest in become federal district court judges. While I personally would like to be a judge some day, I'd have to weigh the value of that against the seemingly endless series of Senate hearings, delays and interrogations. Compared to that, cushy law professor anonymity seems a great deal, and I think many law profs would think twice.
If it were a Supreme Court appointment, the calculus is a little different. On the negative side, there's even more intrusiveness and partisan vitriol involved. But on the positive side of the ledger is the chance to shape history. Few law professors would decline that chance, I think.
This brings me to your CEOs. I assume we're talking about big public companies that pay CEOs a lot of money (though I presume the disclosure rules would apply to lesser-known, less-well compensated leaders of smaller public companies, too). If someone is going to pay me $10 million dollars a year to be CEO, I am going to re-adjust my notions of how much privacy is really essential for my happiness. And with 10M, I can buy a lot of "non-discolosable" privacy that could compensate for the greater scrutiny (think high-security mansions and private jets).
If this is an accurate picture of how CEOs might think about the issue, it's going to be hard to measure the impact of disclosure requirements on the pool of CEO talent. And while Facebook might be an unusually clear illustration of how a tone-deaf "tone at the top" can play itself out across policies inflicted on hundreds of millions of customers, I really wonder if this would look so clear if users were in a position to move easily to other, more privacy-concerned platforms. In other words, most companies don't have FB's first-mover privileges, and that gives them a lot of room for maneuver. I think that the potential financial rewards/risks for companies are far more likely to dictate a company's approach to privacy than the individual privacy preferences of their CEOs.
Posted by: Adam | Apr 30, 2014 2:55:49 PM
I'm not sure corporate executives - much less corporations - can be said to exhibit a singular attitude towards privacy. Some corporations may be very inclined towards protecting their customers' privacy because privacy-friendly policies result in increased sales and revenue and help burnish the brand. The same corporations might register quite different attitudes towards workplace privacy concerns depending on how easy (or difficult) it is to attract and maintain employees. So, in many instances, markets will play an important role. (Granted, that role will differ depending on the industry). If the consumer or employee demand for increased privacy is great enough, it may drown out the personal, CEO-sorting effect you fear.
Posted by: Miriam Baer | Apr 30, 2014 5:31:01 PM
Adam and Miriam, thank you both for your really thoughtful comments. I don't disagree that consumer or employee markets could potentially play a larger role in dictating the company's approach to privacy. I don't in any way feel that the CEO's privacy preferences is the sole causation here. My sole purpose with this project is to add an additional unrecognized piece to the existing puzzle, that might be particularly important, as you point out, in companies where for various reasons there is a market failure for privacy on the consumer or employee side.
Posted by: Victoria Schwartz | May 1, 2014 12:47:28 PM