Law and Policy (accepted for publication in 2011)
32 Pages Posted: 2 Nov 2010 Last revised: 11 Mar 2014
Date Written: November 25, 2011
While the turn from traditional regulation to more collaborative, experimentalist, and flexible forms of governance has garnered significant academic focus, far less attention has been paid to the effects of such “New Governance” approaches on regulated firms’ understanding of the laws’ demands, and on the structures employed within business organizations to meet them. This article targets this analytic gap by examining internal corporate practices regarding consumer privacy, an arena in which the Federal Trade Commission and the States have adopted new governance models. Using data from qualitative interviews with leading corporate Chief Privacy Officers, as well as internal corporate documentation, it examines the way privacy practices have been catalyzed in the shadow of new privacy governance approaches, and the combination of regulatory, market and stakeholder forces they seek to harness. Specifically, it suggests the convergence of a set of practices adopted by privacy officers identified as “leaders,” both regarding high-level corporate privacy management, and regarding the integration of privacy into entity-wide risk management goals through technology, decisionmaking processes, and the empowerment of distributed expertise networks throughout the firm.
Keywords: Privacy, Regulation, New Governance, Compliance, Federal Trade Commission, Chief Privacy Officers, Administrative Law, Risk Management, Technology
JEL Classification: D2, D7, K2, K23, K42, L2
Suggested Citation: Suggested Citation
Bamberger, Kenneth A. and Mulligan, Deirdre K., New Governance, Chief Privacy Officers, and the Corporate Management of Information Privacy in the United States (November 25, 2011). Law and Policy (accepted for publication in 2011); UC Berkeley Public Law Research Paper No. 1701087. Available at SSRN: https://ssrn.com/abstract=1701087