Cyber Risk Advisory
4 Key Questions When Thinking About Data Privacy Strategically
This content is provided "as is" and is more than a year old. No representations are made that the content is up-to date or error-free. Please see the latest on this topic here.
It wasn’t that long ago when the concept of data privacy was mostly a legal question. Privacy obligations arose almost exclusively from regulations, so most organizations delegated the problem to legal counsel, who then tackled the problem through policy and contract language. At best, it was a cost of doing business. More often, the problem was simply ignored.
The situation is very different today. Individuals are increasingly sophisticated in their views on data privacy. They’re more likely to consider a company’s privacy promise when making buying decisions. A business’ reputation and relationship with its customers can be conditioned by its approach to privacy, particularly in data-heavy sectors such as mobile and ecommerce. Savvy companies already recognize this trend and capitalize on it by building customer intimacy and making data privacy a competitive advantage.
The lesson here? Stop thinking about privacy as a business risk and start thinking about it as a strategic opportunity. This may require your organization to undergo a cultural shift and integrate privacy at every level of product design, operations, and marketing.
4 Privacy Questions to Consider
Here are four key questions to consider:
Who owns privacy at your organization?
For many organizations, data privacy is centralized in the legal department. While this is not uncommon, it’s crucial that privacy evangelism extend well beyond the legal and compliance realm. Every department in your organization with the potential to affect your customer’s experience has a role to play in your approach to privacy. Privacy leadership can and should include legal eagles, but must also take a more holistic view of the organization.
How do your customers view your company’s data collection practices?
While it might have been common at one time for individuals to shrug off privacy matters, consumers are now much more demanding. If your customers don’t trust your company, you will lose them to a competitor they can trust. More to the point, if your customers knew exactly what you were doing with their data, would they still do business with you?
How do your competitors talk about privacy?
Evaluate your company’s privacy story against that of your competitors. All other things being equal, which story is likely to be more attractive to potential customers? Are your competitors leveraging their data privacy strategy to compete with you? How can you turn your own privacy posture into a competitive opportunity?
At what point is privacy first considered in your business and product lifecycle?
Many companies treat privacy as a final compliance check before releasing a product, but when trying to build privacy-forward products and services, that’s far too late in the game. Privacy considerations should be included from product inception and treated like any other design goal. Remember that how you treat data collection has a direct impact on your relationship with customers, so it should be given the appropriate priority. Product development, interface design, marketing, and support are all affected by data privacy policies, so they should also be taken into consideration before you start building.
The privacy regulatory landscape is changing on a monthly basis, and — more critically — privacy concerns are showing up in the media with increasing urgency and frequency. Customers demand better privacy protections and control over their personal data than they did even a few years ago. Especially for data-intensive organizations, the collection and use of personal data presents both a risk and an opportunity to build better and more durable customer relationships. There’s never been a better time to align your company’s strategy with this new reality.