Mission: saving private data

Author (Person)
Series Title
Series Details Vol.7, No.22, 31.5.01, p15
Publication Date 31/05/2001
Content Type

Date: 31/05/01

The digital economy has created a new breed of senior executive - the chief data officer. Paul Clark of technology giant EDS explains their role to Peter Chapman

IN THE beginning there was the CEO. Then came the CFO and the COO. All three corporate acronyms have become accepted shorthand for the chief executive, financial and operating officers of any large firm.

Enter the CDO. The chief data officer is a new breed of top executive, born of the digital economy and rise of globalisation and institutionalised by a rash of new electronic privacy laws.

Paul Clark, CDO of US information technology-services giant Electronic Data Systems (EDS), is one of the new cadre. "It is the new sexy job on the market place," he admits. "But it is so new that it is still evolving. You can't just say, 'Here is the job description'."

Driving the evolution, Clark says, is the power of the Internet, which has opened up a "Pandora's box of information that was not available to citizens before" - and consumers are demanding more all the time.

Add an ever-globalising world economy with corporations integrating their divisions across the world, and it is not surprising that data privacy, and laws to ensure it, have taken on vital new importance.

EDS is an interesting case study. With 126,000 workers in 55 countries, it is the world's biggest IT services firm with massive contracts, including the largest in US government history - a $6.9-billion (h8 billion) deal to set up the Intranet for the Navy and Marine corps.

That means the company must meet or surpass the growing list of data privacy rules around the globe - and it must help its clients to do the same.

"Our CDO has to be integral to the business - both to internal systems and to all processes of our clients," says Clark.

EDS, like many of its corporate cousins, put in place a global strategy for privacy in the late 1990s, designed to take in the huge local disparities in privacy law and to be adaptable to new anomalies.

If new rules in a far-flung market place are decided, it is the CDO's job to ensure systems are updated accordingly to ensure the company and its clients are above the law. "If something goes wrong," he says, "that is my responsibility."

And, insists Clark, his job is not just about meeting legal requirements. Mistrust of the Internet and computer networks still pervades. That means companies that can prove they will not mess about with people's data are better positioned in the market place. "As an individual if I'm on the Internet doing my banking or ordering flowers...I want to do that with implicit trust that processes are in place that mean I am protected. Today, you won't get everyone saying that they trust what is going on."

Clark is in Brussels early next month to talk to the European Commission and national 'data commissioners', the member state officials who police data privacy in the Union. He reckons policy makers can learn a thing or two from his company's experiences.

At the same time he wants them to address gripes about differences in the way member states interpret the rules.

The EU's landmark 1995 directive puts the Union in the vanguard of data privacy. It sets tough rules to ensure that no personal information about an EU citizen can be misused. Citizens can demand to see data banks that contain information about them and they can insist on it being changed if it is incorrect or was illegally gathered.

Crucially, the directive allows national commissioners to initially block transfers of data, such as consumer spending patterns or employee information, to third countries that do not have measures deemed to afford 'adequate protection'.

Many, including the US, don't.

With trade disputes looming, the EU and US thrashed-out a deal last year allowing firms to avoid the risk of data transfer bans provided they signed up to a voluntary 'safe harbour' agreement.

So far only a handful of firms have done so.

Clark is sceptical of the much-vaunted scheme, which he sees as just one step on the ladder towards a more coordinated approach between countries and administrations. "We are not in the safe harbour," he says of EDS. "It doesn't give me anything."

For example, financial data are not covered by the agreement. Nor is information flow between the EU and non-US trade blocs."We have a lot of clients that are financial businesses," Clark says. "Safe harbour is no value to them because they can't join either. And what if you do business to Canada or Australia? The bottom line is that for companies that have not addressed privacy as a process, safe harbour is an ideal connectivity point to be at least positioned to do business. But for companies that have invested three or four years, safe harbour is a step backwards."

The same scepticism goes for the model contracts, which the Commission is currently touting as a way for companies - particularly small firms outside the safe harbour or beyond the US - to comply with EU rules.

The best solution, claims Clark, would be a global safe harbour agreement that recognises the systems that companies such as EDS have established across the planet and 'wrapped that up in law' - although he admits that could be a long way away.

He says: "The issue is that we have got varying degrees of interpretation of privacy. Many of them are as historical as I am. Data protection policies in some countries were arguably for job protection or to stop information being passed on to other people from government. Many are still steeped in that. A market like the US is free but if you go from one state to another you will have strict privacy laws that are more severe than in Europe. That inconsistency is causing the global debate."

Clark and his team won't leave Brussels without a parting shot at the EU for failing to get its own house in order while it imposes its rules elsewhere. "The problem with data privacy is it is subjective," he says. "You could get someone in the UK to agree but someone in Germany would say 'no'. There is no consistency between data commissioners."

One growing irritation is "the growing number of data commissioners" who assume that firms such as EDS are not playing by the rules just because they are not part of the safe harbour.

Germany, poised to introduce a new law which "far exceeds" the terms of the EU directive, is another looming problem. If Berlin can't be persuaded to change its mind, Clark "will be looking to the European Commission to step in".

The digital economy has created a new breed of senior executive - the chief data officer. Paul Clark of technology giant EDS explains their role.

Subject Categories