I recently read this blog post which talks about having a chief trust officer as part of your executive team. This is a different kind of title from someone working at a bank that actually involves managing financial instruments with that name, so it is a bit confusing at first. But what the post talks about is someone being in charge of overall data and customer trust relationships.
The author says, “In our internal discussions, security is not the sole realm of the CISO. The concepts of trust, reliability, and security figure into every aspect of our business.“ Informatica moved its CISO from its IT organization to its R&D group and gave him this new title as a way to increase transparency and improve overall security and communications. Certainly the recent events surrounding Equifax and other data breaches have brought these issues to the forefront.
Certainly, having new kinds of staff titles is a growing trendlet. We have chief people officers (which used to be called HR), chief fun officers (now that is a job that I could do), chief curator (this one decides what content to put on a corporate home page), and chief amazement officer or chief troublemaker (who both turn out to be the company’s founder). Certainly, some of these titles are just annoyingly cute, and could be more confusing that clarify any particular corporate role.
But I think the chief trust officer is actually a title worth thinking about, if you dive into understanding why you are giving it to someone.
I spoke to Drummond Reed, who is an actual Chief Trust Officer for the security startup Evernym, about why he calls himself that. “We choose that title very consciously because many companies already have Chief Security Officers, Chief Identity Officers and Chief Privacy Officers.” But at the core of all three subjects is “to build and support trust. So for a company like ours, which is in the business of helping businesses and individuals achieve trust through self-sovereign identity and verifiable digital credentials, it made sense to consolidate them all into a Chief Trust Officer.”
Reed makes an important point: the title can’t be just an empty promise, but carry some actual authority, and has to be at a level that can rise above a technology manager. The chief trust officer has to understand the nature of the business and legal rules and policies that a company will follow to achieve trust with its customers, partners, employees, and other stakeholders. It is more about “elevating the importance of identity, security, and privacy within the context of an enterprise whose business really depends on trust.”
That brings up something else. How many businesses don’t depend on trust? Those that are out of business, it seems. I think it is appropriate to signal not just that someone is in charge of infosec or privacy issues, but covers everything in the trust workflows and lifeblood of the business.
So whether you have trendy titles in your company or not, think about having a chief trust officer. If you are serious about building (or in the case of a post-breach, rebuilding) trust with your customers and staff, it might make sense. And dollars, too.