TJX's Privacy Hirings: Is There Any Meat?

Noticed the Christmas Day report in The Boston Globe that TJX had created two new positions: chief privacy officer and privacy director and was intrigued.

The story was based on an October memo from a TJX search firm that it was looking to fill the privacy director role and that it had quietly promoted an existing TJX executive-- Jeffrey Naylor, senior executive vice president for administration and business development—to the chief privacy officer role.

What does this all mean? If TJX is telling the world that it is now taking privacy seriously, then why did it never announce the creation of chief privacy officer? How does creating this position change any of the ROI issues that caused them to not invest as heavily as they could have in security?