New York Life Names Chief Privacy Officer

Computerworld - New York Life Insurance Co. last week joined the likes of American Express Co. and Providian Financial Corp. by naming a chief privacy officer (CPO) to uphold privacy standards and procedures.

CPO Duties A chief privacy officer’s responsibilities include: Tracking pending legislation Staying up-to-date on new technologies Ensuring, via direct contact with senior managers, that his company’s strategic efforts are in alignment with legal and technical developments Source: Survey by PricewaterhouseCoopers, New York.

New York Life, a Fortune 100 company, is one of the largest insurers in the country. It recently revised its privacy policy to meet new federal and state privacy laws and will mail copies of the updated policy to customers and subsidiaries later this month. Warga said the company's previous privacy policy was only an internal document.

Warga said he was picked for the job because his experience in auditing and compliance has given him an enterprisewide perspective.

"Also, over the years, I've been able to develop contacts and working relationships with all the managers of all the business units," he said.

Those contacts include relationships with IT managers.

Warga said he plans to work closely with the chief information security officer, who reports to the CIO, to ensure that the security and privacy policies complement and support each other.

There are now between 200 and 300 CPOs in the U.S., according to Alan Westin, head of the Association of Corporate Privacy Officers in Hackensack, N.J. That number may jump to the thousands in the next couple of years, he said.

"Under the Health Insurance Portability and Accountability Act, every entity covered must designate an official to develop and implement privacy policies," said Westin. "That's 60,000 entities."

In Europe, where privacy standards are stricter than in the U.S., there are already thousands of privacy officers; for example, there are 2,000 data protection officers in Germany and 1,200 in Sweden, Westin said.

Privacy proponents have warned, however, that the recent wave of corporate CPO appointments shouldn't distract the nation from the need for even stricter privacy laws.

"What good does a chief privacy officer do if there are no laws?" asked Edmund Mierzwinski, consumer program director at the U.S. Public Interest Research Group in Washington. "The laws we have aren't good enough, particularly in the insurance business."