Corporate Privacy Failures Start at the Top

Abstract

With the rise of big data, numerous corporations are in the privacy business. Yet even corporations not directly in the privacy business must also make important decisions potentially impacting the privacy of their employees, consumers, and shareholders. A wide consensus of scholars and commentators has agreed that corporations fail to adequately protect privacy. The existing scholarship has largely focused on demand-side market failures to explain this privacy failure phenomenon. This Article offers a supply-side market distortion theory that reinforces the existing demand-side explanations to better account for corporate privacy failures. Under this supply-side theory, extensive corporate disclosure requirements, including the real possibility of disclosure of personal information about corporate executives, as well as a legally protected interest by the media in the personal lives of corporate executives combine to cause the pool of corporate executive candidates to sort in favor of individuals who do not themselves highly value privacy. This sorting effect can prevent the corporation from being able to properly anticipate and respond to various privacy issues. Recognition of this Article’s supply-side market distortion theory allows a shift away from a singular view of the corporate privacy problem as a consumer-driven market failure. This enables identifying counterbalancing steps that can help offset the corporate-side sorting effect such as allowing corporate executives to negotiate individualized disclosure policies, and adding chief privacy officers to conceptions of good corporate governance in order to ensure that there is someone in the corporate leadership tasked with raising privacy concerns.