Author(s): Deirdre K. Mulligan and Kenneth A. Bamberger
Abstract: While the turn from traditional regulation to more collaborative, experimentalist, and flexible forms of governance has garnered significant academic focus, far less attention has been paid to the effects of such “New Governance” approaches on regulated firms’ understanding of the laws’ demands, and on the structures employed within business organizations to meet them. This article targets this analytic gap by examining internal corporate practices regarding consumer privacy, an arena in which the Federal Trade Commission and the States have adopted new governance models. Using data from qualitative interviews with leading corporate Chief Privacy Officers, as well as internal corporate documentation, it examines the way privacy practices have been catalyzed in the shadow of new privacy governance approaches, and the combination of regulatory, market and stakeholder forces they seek to harness. Specifically, it suggests the convergence of a set of practices adopted by privacy officers identified as “leaders,” both regarding high-level corporate privacy management, and regarding the integration of privacy into entity-wide risk management goals through technology, decisionmaking processes, and the empowerment of distributed expertise networks throughout the firm.
Keywords: Privacy, Regulation, New Governance, Compliance, Federal Trade Commission, Chief Privacy Officers, Administrative Law, Risk Management, Technology