The watershed policy extended four decades of IBM leadership on issues of personal privacy. IBM has been able to anticipate both its own information needs and the impact of technology-enabled advances as they ripple out to larger society—while enabling data flows and undertaking a conscientious public response.
IBM Chief Privacy Officer, Vice President and Security Counsel Harriet Pearson remembers the response vividly. “A lot of questions and concerns from employees began appearing in my inbox, along the lines of, ‘You’re asking us to take a cheek swab—what are you going to do with the DNA?’” she recalls. “That really prompted a conversation as we began to consider the societal-level implications of the project.”
Research on developments outside of IBM showed that employee desire for reassurance was well founded. While national legislation and government-provided healthcare shielded many workers in developed economies throughout Europe and Asia from genetic discrimination, disturbing stories had begun to emerge in the US and Australia. Individuals there were reportedly being treated differently after they were found to be carriers of genetic markers that indicated heightened risk for costly diseases.
Such discrimination clearly harmed individuals—but it also had broader societal implications. If genetic data and medical histories could not be shared safely, many of the life-saving advances being pursued in medicine—and the promise held out by genetic testing and other innovations in the emerging field of personalized medicine—might be thwarted.
To IBM, this wasn’t simply a practical problem to be managed. It was a matter of values and policy. The company pledged that employees’ genetic data—if such data were ever to be shared with the company—would be handled with a high degree of security and respect for privacy, and would not factor into hiring decisions or eligibility for foundational health insurance. The global policy, a first among corporations, also predated US federal legislation protecting all Americans from genetic discrimination in the workplace, which wouldn’t arrive for another three years. In 2007, Pearson, the architect of IBM’s policy, testified before the US Congress, helping to push the Genetic Information Nondiscrimination Act, or GINA, into law on May 21, 2008.
“Organizations have invaded people’s privacy with steel file cabinets and manila folders for years. But computer systems with remote access have intensified both the problem and public concern. … Now we have got to take some leadership and try to think our way through the subject. Privacy is not a passing fad.”
“IBM’s Guidelines to Employee Privacy,” Harvard Business ReviewSeptember – October 1976
“The reasons for making genetic privacy part of our broader discrimination protections are clear to us: first, a person’s genetic profile or makeup should be treated the same as other innate human characteristics, including one’s race, gender, national origin, sexual orientation, age or physical abilities. Simply stated, a person’s genetic profile is as natural and as inseparable from who they are as any other physical trait or attribute.”
“IBM Calls on Congress to Act on Genetic Non-Discrimination Legislation,” IBM press releaseJanuary 30, 2007
“What I.B.M. is doing is significant because you have a big, leadership company that is saying to its workers, ‘We aren’t going to use genetic testing against you.’ If you want a genomic revolution, then you better have policies, practices and safeguards that give people comfort and trust.”
“I.B.M. to Put Genetic Data of Workers Off Limits,” New York TimesOctober 10, 2005
“GINA [Genetic Information Nondiscrimination Act] affirms the principle central to all employment discrimination laws—that all people have the right to be judged according to their ability to do a job, not on stereotypical assumptions. No one should be denied a job or the right to be treated fairly in the workplace based on fears that he or she may develop some condition in the future.”
“Historic Genetic Information Nondiscrimination Act Takes Effect,” U.S. Equal Employment Opportunity Commission (EEOC) press releaseNovember 20, 2009
“Title II of GINA is an ideal complement to the ADA [Americans with Disabilities Amendments] Act. With both laws now effective, American workers are protected if they experience discrimination because of their disability or because of impairments they may develop.”
“Historic Genetic Information Nondiscrimination Act Takes Effect,” U.S. EEOC press releaseNov. 20, 2009
Data privacy concerns among the general public had intensified throughout the late 1960s as computers—and their swelling databases of information—became ubiquitous. In the early 1970s, under the leadership of CEO Frank Cary, IBM adopted a set of privacy guidelines aimed at preventing the collection of unnecessary personal data about its employees, a pioneering stance highlighted in a 1976 Harvard Business Review interview with Cary. In the 1980s, the company led efforts to enact medical privacy and electronic communications privacy laws.
The reason data privacy protection must become stronger is that the radically freer flow of data around the world—inherent in the shift to more open economies and societies—is not just inevitable, it’s also vital to economic growth and societal progress. This is why IBM has supported simplified cross-border data flows though its involvement with Asia-Pacific Economic Cooperation and other intergovernmental groups throughout the world. At the same time, it also helped found TRUSTe, an independent Internet privacy services provider that helps businesses promote online safety and trust, and guides consumers to privacy-protecting sites.
In a move that revealed how essential privacy issues had become to its business operations, in 2000 IBM became the first Fortune 1000 company to create the position of chief privacy officer, appointing Pearson to the role. Pearson helped launch IBM’s social computing guidelines in 2005, an evolving body of guidance designed to help IBMers navigate—with privacy awareness—the burgeoning array of social media in a Web 2.0 world. The guidelines document, one of the first of its kind published by a large company, is accessible to the public through IBM’s website.
Today, IBM continues to engage with government, industry and others to help shape global privacy initiatives that can increase consumer trust, ease the secure worldwide flow of data and create privacy-enabling technologies. It is also a leader in developing privacy-and-security-protecting technologies, such as IBMer Craig Gentry’s fully homomorphic encryption breakthrough, which makes possible the deep and unlimited analysis of encrypted information—data that has been intentionally scrambled—without sacrificing encryption protections. The company understands that without security and privacy built by design into the fabric of our organizations and societies, we will not realize the full potential of electronic healthcare, online commerce, smart energy grids and other digital systems that power more and more aspects of our lives.
Selected team members who contributed to this Icon of Progress:
- Caroline Kovac Retired General Manager, IBM Healthcare and Life Sciences
- Harriet Pearson Vice President, Security Counsel and Chief Privacy Officer
- Martin Sepulveda IBM Fellow and Vice President, Integrated Health Services, Human Resources