Acxiom Privacy Leader Jennifer Barrett: A Few Questions
Acxiom's privacy officer answers a few questions about data, privacy, and government control.
Acxiom Corp. was one of the first companies to create the position of chief privacy officer, which may not be surprising given its business model--accumulating and selling consumer data, and managing customer data for other companies. Within Acxiom, Jennifer Barrett is known as the company's privacy leader (there are no traditional titles at Acxiom). InformationWeek editors recently sat down with Barrett to talk about data, privacy, and government mandates.
InformationWeek: Where do Acxiom's responsibilities lie in relation to the data you manage?
Barrett: How we approach information management, between the services we provide to our clients and the products we sell to our customers based on public data, is that we're an outsourcer of IT processing and the data itself belongs to the customer. We don't do anything to the data that they don't want us to do. They are the ones responsible for the policies and laws in relation to their data.
InformationWeek: How personal is the consumer data you sell?
Barrett: We do it at a household level, not an individual level. We're looking for demographic information derived from transactions, rather than the transactions themselves--intelligence inferred from transactions you've made.
InformationWeek: How have your company's privacy policies changed in the last couple of years?
Barrett: We feel the issues are getting more complicated. We're under a lot more rules, rules around sources of data, how data can be used; also, rules around our customers and how they can use certain kinds of data.
InformationWeek: How have the data rules changed?
Barrett: Some data has become unavailable. Take driver's license data. The late 1990s driver's license protection act [Driver's Privacy Protection Act] put restrictions on that data. Fifteen years ago that data was considered general public data. Now it's not available for marketing purposes.
InformationWeek: When is it appropriate for a private-sector company to share data with the government?
Barrett: When the government goes to JetBlue, who doesn't provide data ever, and asks for data--they want to help. The government didn't use to come and ask for this kind of data. The industry is trying to build a set of rules between the private sector and the government, and we're attempting to help write these rules. I've spoken at a variety of government conferences, met with certain agencies, the Commerce Department, for example, and I wouldn't be surprised if sometime soon it wasn't mandated that [government] agencies of a certain size have someone dedicated to privacy.
InformationWeek: What's your greatest challenge going forward?
Barrett: As we build out our business globally, it's challenging. If you think it's difficult to deal with state and federal laws, as we deal with global customers we layer international issues on top of that. Every country is passing more laws around privacy. Those that never had them are trying to pass them. With nine European countries, there are nine sets of rules, not harmonized. Germany alone has 16 [privacy] laws because they do it at the province level.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.