AT&T’s mission statement is simple: “To inspire human progress through the power of communication and entertainment.” To achieve such an immense goal, AT&T could not just be a phone company.
AT&T, one of the top ten Fortune 500 companies, is now four distinct business units: AT&T Communications, which provides cable, internet, and phone services totaling more than $144 billion in revenue annually in the U.S., WarnerMedia (with fixture HBO) adding nearly $19 billion, AT&T Latin America with over $7 billion, and finally, Xandr’s nearly $2 billion contribution of advanced advertising solutions, which powers the data intelligence gathered from customer insights from parts of all the aforementioned AT&T businesses. Together, the new AT&T is “reinventing the way the media and entertainment industry works for consumers, content creators, distributors and advertisers.” This involves using customer data, such as viewing habits, likes/dislikes, and browsing history, all with the appropriate levels of permission, aggregation, and other safeguards. Some of the data can be considered quite private, so issues of trust, clarity, and choice are important.
AT&T’s company profile articulates that by “bringing together the four key elements that define a modern media company (Premium Content, Direct-to-Consumer Relationships, Advertising Marketplace, and High Speed Networks), [AT&T] sets up a virtuous cycle: Great content delivered to more and more consumers over high-speed networks drives broader and deeper customer engagement. Deeper engagement provides greater customer insights into the content our customers enjoy. Those insights inform the creation of new content and facilitate relevant targeted advertising that drives even deeper engagement.” To be part of the “virtuous cycle” and participate in “deep engagement,” customers must first be willing to share their data. Customers should thoughtfully consider individual privacy settings and the resulting experiences those permissions provide or deny.
“We have not been shy about our ambition to use data to inform advertising and content creation,” says Tom Moore, Chief Privacy Officer at AT&T. Moore has been employed with AT&T for a combined twenty-nine plus years, having held such roles within the organizations as Vice President Assistant Controller, Vice President Business Development, Senior Vice President Compensation, Benefits and Policy, and now Chief Privacy Officer and Senior Vice President Compliance. “My academic training is in the accounting and finance world,” says Moore. “I spent most of my career there, but I have also done strategy, business development, and human resource roles, so I come to privacy from a diverse background.” Moore punctuates, “Although strong legal voices are certainly needed in a privacy office, I am not a lawyer.”
The debate as to whether a CPO should or should not be an attorney (or whether privacy should or should not report to the general counsel’s office — see Ruby Zefo’s opinion) polarizes leadership in the privacy community. Plenty of passionate attorneys can be found in the privacy vertical. At AT&T, Moore’s CPO predecessor was an attorney who moved internally to a general counsel position at one of AT&T’s four aforementioned business units. CEO and Chairman Randall L. Stephenson moved Moore into the CPO role in July of 2018, post GDPR Day, because, “he thought this issue was one of great strategic importance for our enterprise, and one that warranted a much deeper customer focus,” says Moore. Legal compliance is certainly part of privacy, but regulatory oversight is not the only privacy problem on Tom Moore’s mind. The stakeholder he is most concerned with pleasing is the customer.
Another way to make privacy simple and easier for AT&T, their consumers, and ultimately all U.S. companies, is to get federal privacy legislation passed in Congress. Currently, privacy law in the United States is governed by state laws, many of which differ in nuance the moment a border is crossed. Moore is a strong supporter of federal privacy legislation. “Yes, I am pro privacy legislation,” says Moore, adding that “instead of a patchwork of state laws, we need something that applies universally.”
Moore’s strong conviction on this issue, supported by AT&T, has granted him the opportunity to teach privacy awareness seminars to congressional influencers. “I was in Washington, D.C., doing a boot camp for Senate and House staffers,” tells Moore, “and I asked for a show of hands for whose area code on their cell phone no longer matched their physical residence. Seventy-five percent of the hands shot up. So I asked whose state laws apply. Where you reside today? Where your office is? Or the area code on your phone? I think a federal law can eliminate some of that confusion.”
Another concern for Moore is the strain a lack of federal privacy legislation may place on innovation and small businesses in America. “AT&T can bear the burden, but a small business won’t become a big business if they have to deal with each individual state regulation separately,” says Moore. It may seem antithetical for AT&T to care about small businesses, considering its size. Moore is quick to comment, “When small businesses grow, the U.S. economy grows. When the economy grows, AT&T grows. What’s good for the economy is good for AT&T.”
What AT&T is banking on, however, is that by demonstrating care for the handling of personal data, customers will trust how the company is using it. If customers choose to share more data, AT&T aims to give them elevated, tailored, or perhaps even new experiences in entertainment and communication. This agenda cuts to the core of AT&T’s mission statement. In order for AT&T to “inspire human progress,” customers will need to collaborate and feel informed. “We at AT&T consider privacy a fundamental commitment to our customers,” says Moore. “If they feel we are breaking that commitment, we won’t be able to inspire them and make progress. We have to make sure that we have given customers a choice on how we use their data, or we’ll never get to the next stage.”