Remember the old days, when a great way to start an article was to quote a dictionary definition? “Webster’s defines privacy as ‘freedom from unauthorized intrusion.’” You know, that sort of thing. Sometimes with a pronunciation guide.
The trendline for privacy is surprisingly steady, with the exception of Sept.-Oct. 2015, when queries tripled over today’s baseline. (Bonus points to the reader who can tell us why.)
You may be thinking, we get it: Privacy is in the news, with spikes as key events or breaches happen. So if pretty much everyone is interested in privacy, and everyone agrees privacy is good and lack of privacy is bad, is there any real agreement on degree and details? And what should companies do in a world of conflicting privacy regulations and expectations?
Oh, Look, a Quiz!
Consider this “check all that apply” proposition, multiple choices allowed: Privacy expectations are violated when:
- __ Personal data is exposed through security breach.
- __ Personal data is used to provide targeted advertisements.
- __ Personal data is used to create a personalized experience based on past behavior.
We’d bet that most people would choose Option 1. Option 2 may depend on the targeted advertisements – and whether they’re from a regular partner or a spam site generating political outrage to drive advertising revenue. How about Option 3? Most, very likely, would argue that sites should use personal choices to improve the experience if the customer opted in for that.
So what should the business reaction be? Let’s try this proposition: Protecting privacy should be:
- __ Mandatory and standardized by government regulation.
- __ Voluntary and a source of differentiation for innovative companies.
- __ Of no interest unless mandated by law.
Here we have another case where it’s unlikely that an obvious high majority would choose Options 1 or 2 over the other – but it’s doubtful that any company would go public with an answer of Option 3.
What’s the Answer?
Here’s the answer we’d suggest. The general principles of privacy seem widely accepted; they cover such dimensions as how information is used, the right to control its content, the right to be “forgotten” (or the “right to deletion” as worded for California consumers) and some control over derivative insights. And privacy is on everyone’s mind – consumers, regulators, journalists, influencers. So your best course of action is to act as if privacy might become mandatory, even if your customers are not based in Brazil, the EU or California, and build safeguards now. This approach requires:
- Building a general model of privacy that is not tied to any one precise piece of legislation. Laws change and grow; copycat variations expand to other geographies. IAPP in Brazil and GDPR in Europe formed the philosophical but not identical basis for CCPA in California, and others are being enacted throughout the globe.
- Developing a privacy model that is positioned as a consumer benefit, not as a reluctant response to regulatory pressure. Take the general model from above and find the right time, place and wording to introduce the concepts to the audience that needs to hear the choices. Think of early and strong adoption of privacy as being a brand differentiator.
- Implementing a strong technology model that supports data management, data governance and data cataloging. A privacy commitment from the corporate office must have a means of being implemented, with technology and business tightly aligned.
Data Modernization to the Rescue
Building a technical basis for privacy policies is a co-requisite of digital transformation. A modern, ready-to-respond data platform is absolutely essential to turning a strategy into real-world action. What’s needed is a coherent data modernization plan, which must be part of your corporate strategy.
Reputations can be lost quickly and, in a world of instant bad news, be hard to recover. Facebook is but one example – a highly visible one – and its struggles with public perception and government scrutiny are a cautionary tale for all industries.
We’d like to leave you with a few thoughts:
- Everybody (pretty much) knows when trust has been lost in the obvious cases (like a security breach), but others are not so obvious. There’s no clear agreement on what privacy means in the gray areas of personalization and derived data, and companies will have to build flexibility around this lack of precise expectation.
- This lack of a single consistent voice will not stop governments, federal or local, from making their own laws. Don’t let it stop you from preparing your company for the inevitable – now.
- The lack of a single consistent voice will not stop public opinion from quickly shifting due to influencers and their followers. Global organizations like the World Economic Forum and its IT Governors Community (chaired by Cognizant’s Vice Chairman Francisco D’Souza) are organizing industry-wide conversations and agreements that will serve as guidelines. Smart companies will track these movements and have the technical systems in place to support a variety of possible policy outcomes.
- Smart companies should immediately update their security and privacy systems to support a more generalized business model of privacy that is a superset of anticipated government regulations or consumer expectations. This model should identify the dimensions of privacy, user controls, user interactions and a sense of the technical approach needed to implement the general model appropriate for their company.
- Remember: CCPA is but the beginning in the U.S., no matter where your headquarters may be. The federal government will not be far behind – because both voter perceptions and fines and revenues are at stake.
- This general model of privacy must mature, with new strategic thinking about classic topics updated for a digital age: data governance, data management, data cataloging, metadata and tagging.
- A boardroom agreement on privacy won’t magically appear. Companies need trusted partners with experience in both digital thinking and the core set of data management skills that can implement this thinking.
This is a conversation you need to have, with the CIO, CSO, CMO, COO and yes, even the CEO. Engage with strategists who bring experience, perspective and knowledge of the potential remedies and mitigations. Don’t wait – as GDPR turns to CCPA and eventually touches almost all of your customers, your business will need to respond. Respond early, intelligently and proudly – using your privacy policies to support and differentiate your brand.
Join us at Informatica World’s IW19 (May 20-24,) where Cognizant Advisory Senior Director Aaron Gavzy will be speaking on “Digital Transformation Empowered by Data Privacy and Governance,” Wednesday May 21, at 11:00 AM MDT.