In Response To FTC Privacy Settlement, Facebook Splits The Chief Privacy Officer Role In Two

Next Story

TechCrunch Giveaway: Samsung Galaxy Nexus (Android 4.0) #TechCrunch

In a blog post regarding today’s FTC settlement, Facebook CEO Mark Zuckerberg also announced that the company has officially split the Chief Privacy Officer role into two parts, to be filled by existing Facebook employees Erin Egan and Michael Richter.

Richter, who will be taking the CPO — Product role, was Facebook’s Chief Privacy Counsel on its legal team and now will be focused on the product side of Facebook’s privacy policy, serving as a key figure in Facebook’s internal privacy review program.

Erin Egan, who will be taking on the CPO — Policy role, came to Facebook from the law firm Covington and Burling where she served as co-chair of their global privacy and data security practice. She held the Director of Privacy role at Facebook prior to today’s changes.

Entrepreneur and former Attorney General candidate Chris Kelly held the last Facebook CPO role. When he left, Richter served as Chief Privacy Counsel in lieu of a formal CPO position.

With the new focus on privacy regulations, Egan and Richter will ostensibly have a lot on their plate; Facebook will undergo privacy audits every 2 years for the next 20 years as part of the settlement, in addition to having to abide by the following strictures:

– barred from making misrepresentations about the privacy or security of consumers’ personal information;

– required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

– required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;

– required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

– required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.