Over the past several months (or longer) I have read that privacy is dead. Usually these articles appear right after a major data breach. The articles acknowledge that the data that was lost potentially causing identity theft, credit card charges, filing of false tax returns, and other bad things to happen. There is nothing you can do to stop it.
After reading so many of these articles (opinions?), I feel like I have just got on a plane with with Doug & Wendy Whiner. Maybe it is time we acted like emergency room doctors instead of funeral directors.
Often when facilitating training I am told that an attendee wants to use a particular app or frequent a particular retailer, but they hate the privacy practices. “What should I do?” they ask. Based upon the number of times this question gets brought up, it is clear to me that consumer-focused privacy practices can be a differentiator for any business.
For evidence, simply look at Ello, a social networking platform launched to provide an alternative to Facebook and Twitter. Some of Ello’s intentions are to never sell user data to advertisers or third parties, never show advertisements, and not enforce a real-name policy. Launched last March and still in beta, there are over 1 million users all of which joined on an invitation-only basis.
One observation about Ello that is true for many organizations is that their privacy notice is long. This may deter visitors from reading the notice. Moving to a simplified version, using a technique such as a layered privacy notice, would address this concern. Without this simplification for Ello, and maybe for your organization, how can consumers know that a privacy approach is friendlier than a competitor’s? Then again, maybe your approach is not so friendly.
Every organization that collects personal information is going to have its own perspective on how that information should be handled. Just like people, some organizations will keep secrets, others will share secrets. While there are laws and regulations that put limits on sharing, there remains a wide range of discretion that an organization may exercise.
A privacy professional can influence what an organization does with personal information. Ultimately it is up to senior executives to take all the differing perspectives on privacy (such as from marketing, legal, business development, and human resources to name a few) to define the organizational stance on privacy. This perspective will drive how personal information is handled, the investment in protecting personal information, and the policies related to using and sharing personal information.
The challenge is getting time from the executives to teach them about privacy.
I have been fortunate enough to work with the IAPP to provide training to 2,100 staff members at a Fortune 50 financial services firm. The staff trained included members of the senior executive team. In addition to the training attendance, each training session was introduced by a member of the leadership team.
- the discussion on privacy at senior levels was more engaged;
- the privacy message was organically spread throughout the organization; and
- a renewed focus was put on how personal information is protected.
I must admit that your results may vary, however I can assure you that without executive engagement and executive privacy awareness the leadership may opt for a less friendly privacy stance; a potential competitive disadvantage.
I suggest that privacy is not dead. It is off in a corner keeping to itself being ignored by many consumers and organizations all waiting for regulators to provide direction. The question is how to make our privacy wallflower blossom and take center stage.
Executive awareness, executive engagement, and readable privacy notices are basic tools to lay the foundation to reinvigorate your organization’s privacy initiatives and turn your program into a corporate competitive advantage.