General Electric Co. has snatched up one of the highest profile privacy execs around, luring Nuala O'Connor Kelly away from her post as chief privacy officer at the Department of Homeland Security. The move brings Kelly back to the private sector after four years overseeing privacy compliance for federal agencies, first at the Department of Commerce, and then at DHS for the past two years.
Prior to joining the Commerce Department, Kelly established her reputation as a skilled privacy leader during a two-year stint as privacy chief at online media firm DoubleClick, helping to transform the company from a favorite target among privacy advocates into a pioneer in the areas of online privacy and data-protection policies.
During her time in the public sector, Kelly says, she always suspected she'd end up back with a private company. "Public service is always a temporary gig," she says. "It was a detour from the private sector." Kelly wraps up her time at DHS this week and will start at GE next month.
For two years, Kelly has applied a firm hand to DHS divisions, most notably the Transportation Security Administration, which she has held publicly accountable for some messy attempts to secure airline passenger data to test systems for checking travelers against terrorist watch lists. That firm hand likely is part of what made Kelly attractive to GE, a company that has traditionally taken privacy seriously. It ranked in the top 20 companies in the nation for its privacy practices, according to a 2004 survey conducted by The Ponemon Institute, a privacy research firm that consults with federal agencies and large companies on their privacy practices.
But despite its strength, GE has tended to be quiet about its privacy efforts, treating it more like compliance. For that reason, the hiring of Kelly may be an indication that GE wants to turn its stellar privacy record into more of a competitive differentiator. "Maybe GE has reached a realization that they could be more externally focused," says Larry Ponemon, principal of the institute. "Nuala has done a really good job of fighting lots of fires and tackling lots of issues. She's been very transparent."
Ponemon says that GE faces a growing list of privacy issues, especially as it continues to diversify. The company now owns health-care and life-insurance firms, and laws prohibit consumer data from being mixed between those two businesses. It also has a growing presence in Europe, where privacy laws prevent American firms from allowing personal data on their European employees from crossing international borders.
Kelly's departure comes at a critical time for the DHS, which is trying to build momentum for the TSA's Secure Flight program, an airline passenger-screening program that's been stalled in part by significant concerns about its ability to protect consumer privacy. "It's terrible news for the DHS," says Ponemon, "but it's great news for GE."