Over the past several weeks we’ve been covering a lot about data privacy, and particularly why it’s such a hot topic in the current climate. We’ve provided recommendations for building data governance frameworks for data privacy, engaging stakeholders across departments and creating a culture that values data privacy.
Many organizations have recognized that data is one of their greatest assets. They accepted this truth years ago and have been doing everything they can to maximize data’s value. But when you have something so valuable, don’t you want to protect it? Don’t you want to make sure it’s not just used a lot, but that it’s used correctly?
Not all businesses have considered these questions, but data governance, analytics and privacy professionals know there is a lot more to the datasphere. Data privacy needs to be embedded in how an organization thinks about its business and products, data sharing, innovation and data-driven insights become much more powerful. Creating a strong data culture supported by essential elements, such as privacy by design, enables the board, c-level executives and the overall business to deliver value to shareholders with much more agility.
In our last few articles, we’ve illustrated how data privacy and noncompliance affect your daily operations and offered tips for how to address the impact. Now we want to share recommendations for how to communicate the necessity of data privacy to those who are sometimes the hardest to reach and garner attention from – your board members.
We’ve consulted with business leaders to understand how they engage with board members and what their best practices are for making a lasting impact. Below are key tips they have shared, but with a focus on data privacy because communicating the value of data privacy to stakeholders is crucial for data professionals to get the buy-in and investment they need.
Personalize the conversation
Remember that people are complex. They have biases, emotions, lives and interests. Board members are people too. When communicating with your board, appeal to what matters to them. Tell them something that sounds real and relatable. These unprecedented times affect everyone. Ask them questions about data and individual rights on a regular basis:
- Do you get those notifications asking for cookie consent whenever you visit a website on your laptop? Do you read them or know what personal data you’ve consented to sharing?
- Have you seen that recent article in the Wall Street Journal about how smartphones use facial recognition?
- How much more online shopping have you done since the outbreak of COVID-19?
- Did you know that some companies are using health and location data to track the spread of COVID-19?
Also, remember that not every board member will respond to the same message. Personalize the conversation to his or her own interests. For example, consider their professional backgrounds:
- A previous Chief Marketing Officer – Marriott International Hotels was fined for GDPR noncompliance because they didn’t do enough due diligence when acquiring Starwood and exposed 339 million guest records. Can you imagine dealing with that PR nightmare?
- A previous Chief Financial Officer – British Airways was fined 204.6 million euros for GDPR noncompliance due to inadequate security mechanisms. Can you imagine how that affected the bottom line?
- A tech venture capitalist – After the Cambridge Analytica scandal in 2018, Facebook’s share price fell more than 40%
Be clear and concise
Board members are busy people. They are getting tons of information thrown at them all the time. They need quality information fast. Identify the 3-5 aspects about privacy that are most relevant to the business and engrain the message in their heads. Examples:
- Privacy is a competitive differentiator
- Consumers engage more with companies they trust
- Privacy by design strategy makes businesses more agile
- Technology is not a panacea for data privacy challenges. Privacy needs to be embedded in company culture
Show them the numbers, but don’t overdo it
Clearly, we know that there is strength in numbers. People trust data because it makes the situation more concrete. Numbers are powerful. Nonetheless, data can be overwhelming. Pick out the data points that are most relevant to your organization and your stakeholders.
If your organization is mainly concerned about preventing fines. These are the biggest GDPR fines to date and their industries:
- British Airways (Travel, Hospitality, Leisure) – 204.6 million euros
- Marriott International Hotels (Travel, Hospitality, Leisure) – 110.3 million euros
- Google (Technology) – 50 million euros
- Austrian Post (Logistics) – 18.5 million euros
- Deutsche Wohen SE (Real estate) – 14.5 million euros
- 1&1 Telecom GmbH (Telecommunications) – 9.5 million euros
If you want to show them the impact potential challenges, consider the following metrics:
- Number of individual rights requests received per month
- Average time to respond to an individual rights request
- Number of customers impacted by a breach or privacy incident
- Total time spent notifying stakeholders after a breach
Leverage external subject matter experts (SMEs)
We all have our own biases and assumptions. We need to recognize how that affects our decisions and perspectives. Use external subject matter experts who are not biased to your company’s performance and who have deep knowledge of the data privacy landscape. Incorporate their findings and recommendations. Use them for authority and validation.
Some experts offering great insights on data privacy are:
- International Association of Privacy Professionals (IAPP)
Nearly every news outlet has had a recent headline about data privacy, here are some from just the last few weeks:
- Privacy Cannot Be a Casualty of the Coronavirus – New York Times
- Apple And Google Announce New Approach To Coronavirus Tracking That Counters Intrusive Government Use Of Mobile App Data – Forbes
- City council to consider ban on facial recognition, surveillance oversight, school information-sharing rules – Boston Globe
- How far has privacy come under Europe’s GDPR? – Politico
- Twitter, WhatsApp Sanctions Loom in EU Privacy Crackdown – Bloomberg
- The Price of Covid Freedom May Be Eternal Spying – Bloomberg
- Contact Tracing COVID-19 Throws a Curveball to GDPR, Data Rights – Datanami
Tie every point to business strategy and priorities
At the end of the day, every board member wants what’s best for the business and each move they make is tied to a business goal. When you present the impact of data privacy, relate it directly to the business’ strategic imperatives. At a high level, here are some of the ways that privacy by design generate positive business outcomes:
- Risk mitigation
- Improve regulatory compliance
- Enforce policies
- Reduce risk from third-party data exchanges
- Operational efficiency
- Implement standard processes
- Use technology to automate activities
- Improve data quality
- Revenue growth
- Spend less time on remediation and more time innovating and on other value-add projects
Data privacy benefits the business, from increased revenue to reduced risk, from business analysts to C-suite executives and board members. It’s up to data leaders to communicate the value of data privacy and protection to safeguard their organization and help them grow.
This is the final installment of a five-part blog series on strengthening data privacy muscles. To see the whole series, check out part four, part three, part two and part one.