Blog

CPOs & Self-Regulation = A Winning Combination

This month, Lou Mastria, an experienced chief privacy officer, stepped in to help lead industry self regulation as Managing Director of the Digital Advertising Alliance (DAA). The news was music to my ears because our self-regulatory efforts will benefit from having additional CPOs in our ranks. 

Prior to joining DAA, Lou was Chief Privacy Officer of Canoe Ventures. He has also served as Chief Privacy Officer and Vice President for Public Affairs of NAI member DataLogix, Inc. In that critical role, he was responsible for oversight and direction of DataLogix's information use policy to ensure compliance with legal regulations, industry guidelines and best practices. Additionally, Lou is both a Certified Information Privacy Professional and a CISSP. In short, Lou has devoted a significant portion of his career to consumer privacy and ensuring data security. 

Based on our conversations to date, Lou believes -- like other CPOs -- that privacy is not just about compliance and "checking the box," but is an ongoing process of constantly evaluating a company's data collection and management practices to ensure that its privacy program remains comprehensive, addresses new challenges, and adapts to changes. That same principle, which former CPOs like Lou and me consider gospel, applies with equal force to self-regulatory programs like DAA and NAI. 

Perhaps most importantly, it is apparent to me that Lou understands how Internet businesses operate - including the invaluable and indispensable role of third parties in the online advertising ecosystem. Third parties (networks, exchanges, platforms, analytics providers, etc.) provide critical services to publishers, advertisers, and other online services. While it's not just about online behavioral advertising, we certainly agree that consumers are likely to find behavioral advertisements more relevant than random messages, and advertisers are more likely to attract consumers that are interested in their products and services. Websites (the ones we love and enjoy for free) also benefit because behavioral advertising garners better responses, allowing websites to earn more revenue – and support more content and services – for fewer advertisements. 


Lou and I also share the concern that "do not track," as currently being debated and formulated, exclusively targets the practices of third-party advertising businesses. In addition, DNT fails to recognize the important distinction between companies who embrace best practices and comply with voluntary standards and those companies that play by their own rules. Beyond that, we both know that the potential impact of a poorly conceived DNT policy will extend beyond third parties, hitting small to medium-sized publishers and advertisers particularly hard. What we've been discussing, with our former CPO hats on, is whether or not DNT would result in a net gain for online privacy or whether a post-DNT online world would see the rise of more data collection, more tracking, an increased use of PII, and opt-in consent mechanisms on every website that consumers will click through with glazed eyes.  

You can see why I like him already and why I believe that Lou is going to be a great partner as we build upon and further development an already robust self-regulatory framework for OBA and related business models. Having another person who has sat in the CPO seat at the helm of our sister organization is exciting for me. Welcome aboard Lou. It is great to have you on the industry self-regulatory team!