Ann Cavoukian, Ontario's very active privacy commissioner, gave a speech recently highlighting the distinction between privacy and security. She also discussed who in an organization should assume the role of CPO. See the ITbusiness.ca article:
"As North America witnesses the rise of chief privacy officers, one of the fastest growing designations, companies must decide who within an organization will be responsible for this job, Cavoukian said. Ideally, the function should rest with a 'customer-friendly' department like marketing or business development, she said.
Karbaliotis predicted chief privacy officers will grow in importance because these will be individuals 'willing to stand for the company and say 'We're doing this right.'
'Maybe it shouldn't be the security officer. Maybe it shouldn't be the chief technology officer.'
Instead the right candidate should understand technology, business processes, the legislative environment and be involved in business planning, he said.
The 9/11 crisis allowed an increasing degree of security to marginalize privacy, but now 'we need a new paradigm,' urged Cavoukian, and added security and privacy are necessary for freedom to prevail."