Privacy Officers

Privacy in public: Translating the category of privacy to the digital age

In a collaboration with Professor Klaus Weber (Bajpai & Weber, Research in the Sociology of Organizations 2017), we examined the processes through which abstract categories are formed, contested and transformed in the public sphere. In contrast to object categories which are bounded by the material properties and features of the objects they classify (Zuckerman 1999), abstract categories are changed and extended by rhetorical devices. We argue that notions of privacy are linked to institutional orders of worth (Boltanski and Thévenot 1991) which offer conceptual toolkits of analogies, vocabularies and ontologies. Specifically, we utilized archival data from legal, policy and newspaper sources to illustrate the changes in the contents of the category of privacy over time. Further, we unpacked the institutional translation processes that ensued when technological changes necessitated updated collective understandings of the privacy category. Overall, our study made a case for articulating and emphasizing the effortful rhetorical contestation processes that underlie seemingly ‘natural’ social categorizations.

Constructing Privacy Officers: How Firms in the United States and France Responded to the Data Protection Challenge

(In preparation for submission to Academy of Management Discoveries, Special Issue on Digital Transformation)

In a follow-up study, we focus on an empirical puzzle. Namely, even though digital privacy became a pressing concern in most western democracies at a similar point in history and was driven by similar concerns of government surveillance, nations varied considerably in their institutionalized responses to the social problem of privacy. For instance, while American privacy officer roles are relatively strategic and prestigious, French privacy officers occupy low-status documentarian roles. We examine the development and constitution of the role of digital privacy officers in three countries, United States, France, and Canada. Using a comparative case study method and a multimodal data corpus (interviews, newspaper articles, professional communication, and interaction), we offer a model of occupational prestige, theorizing that national regulatory, cultural and institutional structures combine to produce differing perceptions of risk and uncertainty. Such organizational perceptions meaningfully affect sensemaking-sensegiving patterns between regulators and privacy officers, and, as a consequence, occupational prestige. Our findings highlight an inherent contradiction between government regulations and organizational responses. When regulatory strictures are vague and penalties for non-compliance are unpredictable, compliance personnel can gain strategic agency and import. In contrast, when regulations are settled, and damages for non-compliance are predictable and minimal, compliance personnel can come to occupy symbolic and documentarian forms. We believe our study poses an interesting and timely perspective on the emerging challenges faced by firms in the new economy, particularly in the aftermath of the passage of the General Data Protection Regulations (GDPR) by the European Union.