Moving from Reactive to Proactive Privacy Management
Consumer sentiment around Privacy is changing and Privacy considerations are influencing consumer choices. Consumers are choosing companies adopting a privacy-first approach over companies with a poor track record on data privacy. However, there is a disconnect between how consumer and businesses view Privacy. Business will be required to change their privacy posture due to both consumers demanding and regulators requiring that businesses be more upfront on
· What data is collected
· How the data will be used
· How it will be safe guarded
A?KPMG survey?of ~2000 consumers and ~250 business leaders in 2021 highlighted most consumers are strongly concerned about data privacy and the amount of data being collected. Consumers were concerned about companies not using their data ethically, possibility of their data with companies being hacked and their data getting sold. Very few consumers were willing to share their data for broad uses cases (personalized ads or to improve product quality etc.) but around half were willing to share their personal data for specific use cases or if the data is completely anonymized. Business leaders surveyed acknowledged the consumer concerns, but most felt they were comfortable with the amount of data they collect and that they had increased the amount of data collected in the last year. If businesses are not focused on Privacy, the growing disconnect and changing consumer sentiment can potentially catch businesses off-guard.
Regulators are also taking keen interest in ensuring consumer data privacy is protected. The?California Privacy Protection Agency?issued draft regulations that signal clear interest in restricting collection and use of data to specifically disclosed purposes. The draft regulations also focus on ensuring volume and types of data collected are reasonably appropriate to the disclosed purpose and in line with expectations consumer may have.
Consumer decision-making based on privacy considerations will dramatically alter the economics of data as we know it today. Consumers and regulators will expect companies to provide a deeper and comprehensive response to Privacy concerns. Organizations will need to have a thorough and well thought out Privacy posture to meet this expectation and to regain consumer trust. This requires moving from a reactive to proactive mode on data privacy. How can we move to this proactive posture?
1.?Build Privacy into core values
Core values are the guiding principles for a company’s DNA and culture. Integrate your privacy principles into your core values to build a consistent internal understanding around Privacy. With that common internal foundation, you can develop relationships of trust with your customers and other external stakeholders. Trusted brands and companies command a premium price and customers are more likely to share their data with such companies.?Rachel Dulberg?highlights the pivot leading brands are making towards Privacy (and it is not just big Tech companies).?Unilever?sets out clear Privacy principles at the very beginning of its Privacy policies to establish their view of the importance of this. This foundation is also clear in comments their General Counsel,?Jamie Bernard?made where argued Privacy for sake of just compliance is the minimum and that companies will need to go beyond this minimum to build trust.
Organizations spend significant time and effort trying to get all parts of the organization to view Privacy with the same level of priority and urgency. However, once Privacy is an integral part of the core values within a company, these efforts can be focused on what is important.
2.?Measure the right things
Focus your efforts on what is important for your customers, your employees and the company. Track your program by collecting data that provides real insight on the impact of your efforts. But defining and measuring the right metrics is remarkably hard — often people end up measuring many things that are easy to measure but most of these might not be relevant.
For example, it might be easier to measure the number of data subject access requests you receive but it might be more important to measure the quality of your response. Quality can be measured by looking at how accurate and complete your responses have been. If you have been declining requests because the requestor is not in your systems, how confident are you that have not missed the systems of relevance.
领英推荐
Get a clear baseline of your current state and pick areas that need to be improved. Measure your progress on these key areas to ensure your overall program is creating lasting value. Getting good quality and relevant data is critical to enable your programs to succeed — this takes effort but is important.
3.?Be nimble and embrace change
Moving from a reactive to proactive Privacy approach requires foundational changes within the organization. This change is going to be required whether companies are ready or not. Regulators (see draft regulations proposed by the California Privacy Protection Agency) are wanting companies to be explicit about the purpose of data collection and restricting use of the data for just the disclosed purposes. This might not be possible to implement without rethinking your data management practices handle Privacy.
To accomplish this kind of foundational change, effective change management is vital. The organization has to be energized about the change — use your company’s core values as the motivation for the organization to embrace this. A successful transition requires the right guidance, training and roll-out of best practices. As the benefits from the transition become clear, the change sustains itself within the organization and positively reinforces the Privacy culture in the company.
4.?Cross functional collaboration
Privacy is a dynamic and complex initiative that involves multiple disciplines. Often companies view Privacy as something that falls under one domain or discipline — it might be either IT or Legal or Compliance or a different domain depending on the company. But in reality, Privacy is not confined to any one discipline. It underpins nearly every aspect of the company’s relationship with its consumers, the employer-employee relationships and engagements with other external stakeholders. Nearly everyone in the organization has a critical role in improving the privacy-posture of the company. Marketing, technology, HR, research, engineering, sales, product development, legal — any group you can name, it is most likely involved in some aspect of the Privacy.
To truly operationalize privacy within your organization, regardless of the size of your organization, you require cross functional collaboration and a Privacy team that can drive this type of collaboration within the company. Privacy is one of the factors that impact your company’s reputation and drives both positive and negative effects. It is important to understand the cross functional nature of Privacy initiatives and set up your efforts for success with the right mix of resources.
5.?Manual to automated
Data that falls under the scope of Privacy initiatives is often most of the data that an organization processes. Without technology and automation, it will not be possible to manage this large volume of data. Automation is critical to enable effective data-based decision making and to gain alignment across stakeholders. However automation and the involvement of key personnel will both be required to operationalize Privacy fully.
6.?Partner with a Privacy Ops expert
Operationalizing Privacy requires people with a proven track record of streamlining, simplifying, and scaling programs. Companies will need to view Privacy as a business process that can be measured, managed and improved. To achieve operational excellence, you require broad set of experience and expertise that span the various disciplines that are involved with Privacy implementation. Simple tools and templates can only take you so far. It’s important to build a scalable program that is consistent and integrated with the rest of organization. Work to establish the right structure that will make it easier to implement your Privacy strategy.
Companies should be both data-wise and privacy-conscious. It is indeed possible to both use data to personalize experiences for customers and ensure privacy at the same time. Implement your proactive Privacy management strategy by adopting a phased approach that includes opportunities for calibration of your approach.