Exec recommends privacy czars

State governments should consider creating a chief privacy officer position

to handle policies and manage systems in regard to privacy, according to

an IBM Corp. executive.

Harriet Pearson, who became the company's chief privacy officer in November

2000, said digital government won't become a reality until people have confidence

and trust that their information is being used properly.

"Privacy is an individual's ability to control what is done with his

or her data," she said during the National Association of State Information

and Resource Executives midyear conference Monday in Austin, Texas. The

association represents the states' chief information officers.

Like about 200 private-sector CPOs across the country, Pearson's main

duty is to ensure that IBM handles data as the company's privacy policy

dictates.

As more public information becomes available over the World Wide Web,

Pearson said citizens are concerned that somebody could use that information

to physically or economically hurt them. She said they would rather give

up the Web's convenience in return for their safety. She also said many

people are unaware of state laws prohibiting how information can be used.

States are grappling with the issue but should consider doing more,

such as appointing a CPO to help develop and oversee the implementation

of policies, she said. So far, only Florida officials have considered such

a post.

She said states also should:

* Review what information is collected by their agencies.

* Assess how data is handled and how it flows through government.

* Establish a management system or refine what a state has to do to

keep up with changes.

* Do a "privacy impact assessment" and invite public comment when considering

a new project to see how it would affect people.

* Use technology to implement policies.