Author(s): Kenneth A. Bamberger and Deirdre K. Mulligan
While the turn from traditional regulation to more collaborative, experimentalist, and flexible forms of governance has garnered significant academic focus, far less attention has been paid to the effects of such “new governance” approaches on regulated firms’ understanding of the laws’ demands, and on the structures employed within business organizations to meet them. This article targets this analytic gap by examining internal corporate practices regarding consumer privacy, an arena in which the Federal Trade Commission and the states have adopted new governance models. Using data from qualitative interviews with leading corporate Chief Privacy Officers, as well as internal corporate documentation, it examines the way privacy practices have been catalyzed in the shadow of new privacy governance approaches and the combination of regulatory, market, and stakeholder forces they seek to harness. Specifically, it suggests the convergence of a set of practices adopted by privacy officers identified as “leaders,” regarding both high‐level corporate privacy management and the integration of privacy into entity‐wide risk management goals through technology, decision‐making processes, and the empowerment of distributed expertise networks throughout the firm.
Keywords: privacy management, FTC