IBM exec on breach notification, data security

02.05.2006

To whom in the organization should the privacy officer be reporting?

In terms of a reporting structure, it depends on the company culture. I've seen it reporting into legal, into compliance, into the CIO, into marketing. I've reported to a couple of different areas myself. At the end of the day, because it is cross-disciplinary, it is for the senior managers of the company to help set a course that helps the privacy officer and the team that works on these issues to strike the right balance. I don't think the privacy function should be with the CIO. But the CIO is a partner and is key, key, key.

In a sense, is it even harder for privacy officers to get the recognition they deserve within an enterprise compared to security managers?

It depends on the individual and the company strategy. I do think that when things happen in the world, in the outside environment, that creates change, it falls on leaders inside companies to lead the way. So instead of worrying about how much respect you get, I would turn it around and my attitude and my advice would be look at the challenges posed by a globalizing world -- a world in which lots more data is under your management and where the expectation is you are going to be very transparent about how you manage the information. Now, take those forces and be strategic in how you help your company meet its objectives. And I daresay you'll be respected, because every company probably wants, as part of its objectives, to deliver a consistently excellent experience to its customers and its clients. And if you are going to be doing that, you are not going to have security breaches that you are going to be notifying customers about, and you are going to be treating your customers with respect.