"The value proposition, the benefit for companies that manage information well and really respect the privacy rights of the customer, includes a better relationship with the customer," says privacy consultant Larry Ponemon. The companies he has studied mirror Hilton's experience.
"You get a better quality of information from customers who are willing to give it to you, thereby increasing the quality of marketing and outreach for the whole company."
Numbers are still scarce in this emerging field of study, but Ponemon found in one analysis that marketing programs performed more than 20 percent better when higher-quality customer information was made available.
"You churn fewer customers, and some may even pay a premium for a relationship they trust. This is not just about being ethical, or responding to regulatory imperatives. It's really about being a good business."
Yet according to a study by his Ponemon Institute, a Tucson, Ariz., think tank devoted to privacy issues, barely a third of large companies in the U.S. call privacy "an important part" of their "brand or marketplace image."
While Harvey plays an integral role in Hilton's privacy strategy, many information technology leaders find themselves reacting to the dictates of legal and marketing teams without gaining a spot at the table where key decisions are made.
"There are few companies where the CIO has real influence on privacy issues," says Venkatesh "Venky" Shankar, a professor of marketing at Texas A&M University's Mays Business School. Shankar has worked with researchers at the Massachusetts Institute of Technology, the University of California at Berkeley and Northeastern University on the business value of privacy and trust, and he is currently engaged in a long-term project to determine the return on investment that can be expected from spending to enhance trust.
That's not an easy task, given the inherent limitations in the job descriptions of most CIOs.
"They don't really own this issue or determine the direction," says Allen Westin, professor emeritus at Columbia University and head of a nonprofit group called Privacy & American Business.
"The two drivers are the businessmarketing and salesand the lawyers. Marketing filters its plans for permission-based marketing, opt-in or opt-out strategies, through top management. And when the legal people speak authoritatively, they have the trump carda bank is not going to risk its certification from the Feds. The CIO belongs on the privacy task force, but as an assembler of the technology to support it."
Yet the CIO can do more than just show up for meetings and tweak the plans of others. "The CIO needs to elevate his role to become a business strategist," says Eric Trapp, an associate partner at Accenture, which has released an article titled "The Economic Value of Trust."
Trapp says the CIO should be involved in two-way transactions with the rest of the company, both by learning to better understand the business customer, and by helping to convey to the entire organization the importance of privacy and the ways that it can be supported.
Ponemon says the CIO's role as gatekeeper of information is an increasingly important one in terms of privacy. "The CIO is in an interesting space right nowin a lot of cases they really occupy the position of chief knowledge officer, which was supposed to emerge as a new specialty but really has not done so. So privacy and trust need to fall under the CIO rubric. They can't just be force-fed the idea that privacy is something you have to do, versus something you should do, and we are starting to see that change more in leading companies."
One company cited by Ponemon as profitably privacy-centric: National City Corp., a super-regional Cleveland-based bank that has prospered by wooing retail customers while respecting their personal information.