Privacy in a Ready Stance
We are only two months into the year, and there remains a clear message for all organizations:?get ready.??
Get ready?for new global privacy laws and evolving interpretations of those already on the books.??Brazil enacted a national law in 2019. China passed major privacy legislation in 2021.??And India is on deck to pass a law this year.??Many countries are considering new laws or revamping legislation that has not kept pace with the furious speed of data and tech innovation.??Indeed, Gartner predicts that?75% of the world’s population?will be subject to national privacy legislation by the end of 2023 (up from 10% at the start of 2020).??Meanwhile, regulator and court interpretations of laws on the books are increasing the complexities of data transfers, ad tech and much more.??For any business with a global footprint, the task of managing local variation in privacy law has become a very big job.??
Get ready?for the US privacy environment to heat up.???Let’s start with a bold prediction: we will not see US national privacy legislation this year.??But that doesn’t mean that privacy in the US is dormant.??Expect that a handful of states will introduce broad privacy legislation that builds from laws in California, Colorado and Virginia.??The state map?of privacy laws will certainly get more complicated.??Watch for a “private cause of action” (the ability for private plaintiffs to bring cases for damages under the law) – such a provision in a state law could be the catalyst for federal action.??And while we may not see a law from Washington, DC, the capital will be buzzing with FTC enforcement and possible rulemaking efforts.
Get ready?for a privacy talent shortage.??New laws, enforcement, and a steady increase in societal focus on privacy have all led to remarkable growth in the demand for skilled and experienced professionals who can help organizations build privacy programs.??But here’s the rub: the privacy profession is still nascent, and there simply are not enough experienced privacy pros for all the current open positions – let alone the roles to come. The?IAPP currently has 74,000?members in more than 150 countries.??But we had less than 25,000 members just five years ago.??Expect salary inflation and lots of poaching of the top talent for the foreseeable future.??Smart organizations are ensuring that their critical players are secure and happy and are training lateral hires to shore up the gaps (think: compliance, risk management, program management, project management and IT generally).??So what to do???Find talent inside your company and offer them the opportunity to broaden into privacy.??Provide great training to these lateral assets and reinforce your privacy team with people who have depth in your business.??
Get ready?for C-suite and board attention.??Major companies are buying television time to promote national privacy legislation.??National politicians are stumping on pro-privacy platforms.??The G7?added privacy and data flows to a broad slate of priorities.??Clearly, privacy has become an economic, national and geopolitical issue.??Boards and CEOs have embraced the topic as well, placing early attention on risk management and compliance.??Ensuring your organization has good answers when the board asks about privacy compliance and risk management is certainly a healthy career choice.??Think about the information that will allow your executives and board to understand the risk and scope of privacy issues in your organization.??Maturity models and metrics can be useful tools in conveying possible exposure and operational responses to a board.??An audience with the board is also an opportunity to make the case for increased resources.??Managing privacy takes human, operational and technological investment.??Don’t miss the chance to ask for the resources needed to do the job.
领英推荐
But the top brass are also seeing the strategic value of privacy – the?human?value of privacy.??Getting privacy right means meeting the expectations that citizens have for our data.??And that doesn’t mean endless notices and preference pop-ups.??It means doing the hard work of building privacy programs deep in organizations and designing privacy consideration into new products and services from the start.??It means investing in the tools and technologies that serve as critical foundations to these programs (hot tip: you cannot manage data subject access requests on spreadsheets and email).??Investing in privacy program management will pay dividends in customer engagement and loyalty.??It will also make your organization’s brand shine when compared to those who fail to see that mere compliance is the start, not the finish, of the race.??
Get ready?for technological innovation to continue to challenge privacy.??It is undeniable that privacy and tech innovation are interwoven in an odd call and response.??A new technology emerges and challenges existing privacy expectations (whether ensconced in law, or within normative expectations of society).??Society responds with new norms to guide behavior within the technology.??In some cases, laws are needed to deter uses of data in an emerging technology.??The problem is that these responses are always post facto.??We are only reacting, and often too slowly, to the privacy issues created by innovation.??With the metaverse, Web 3.0, facial recognition, autonomous vehicles, and smart cities all rapidly developing, your organization needs to be considering the privacy implications that these innovations will raise for your products and services.??
With the focus on the importance of data in today’s digital economy, now is the time to assess your organization’s readiness for an even more complex and challenging privacy landscape.??The trend lines of geopolitical, regulatory and technological trend lines all point in a similar direction.??Most organizations have the initial pieces in place to respond to today’s environment.??The smartest organizations are investing in this more complex future and embracing privacy’s strategic value by building teams deep in talent, investing in the tools and tech to do the job, and – most of all – getting ready for all that is to come.???
?
Privacy, Data Protection, Compliance | CIPP, CIPM, FIP
3 年Well put. "?And while we may not see a law from Washington, DC, the capital will be buzzing with FTC enforcement and possible rulemaking efforts." Working. Law.
Delivering what matters - Trusted by some of the largest UK providers in the logistics sector enabling them to streamline processes, manage risk and power productivity.
3 年A great article. Privacy should not be a compliance exercise aimed at satisfying regulators and avoiding fines;?it’s an ethical commitment to earning and retaining the trust of people. Customers are more likely to choose, buy from, recommend and stay loyal to businesses they trust. Employees too will be more willing to join an employer they trust with both their data and with customer data; they’ll stay longer and work harder. Good privacy lies in winning and keeping that trust. The eight principles of the GDPR are merely signposts to some of the behaviours that achieve that goal; treating privacy regulation as an exercise in compliance box-ticking, while it might mechanically produce some of the outcomes intended by the legislation, will not bring with it the deeper bond that inspires confidence.
Experienced Human Resources, Privacy and Policy Professional
3 年A very well written synopsis! Organizations need to view privacy as a value - a part of every decision that they make (like safety) - rather than simply a priority. Priorities can change. Values are the basis of decisions and strategy.
Vice President & Global Chief Privacy Officer | Strategic Advisor | Consultant
3 年Well said, Trevor. The companies that recognize privacy as a central core strategy will succeed across the board, regardless of the sector they operate it in. The ones that treat it as a check box function will struggle. The marketplace continues to show a direct correlation.