Jodi Daniels is a privacy consultant and founder/CEO of Red Clover Advisorsone of the few Women’s Business Enterprises focused on privacy.
Data privacy is a major factor in determining strategy and operational decisions for companies of all sizes in all industries. And while concerns about how companies collect and use consumer data have been around for almost as long as the internet has, the regulations and best practice standards for modern data privacy are quite recent.
They are also constantly changing.
About 62% of business leaders said that “their organization should do more to strengthen existing data protection measures,” according to a questionnaire by KPGM (download required). Tellingly, 29% of respondents also admitted that “their companies sometimes use unethical data collection methods.”
If you understand the importance of data privacy, but working for a company that doesn’t, trying to get everyone on track can be like teaching cats a routine of synchronized swimming. There will be screams, there will be running, and there will be hurling and fighting, but if you can pull it off, you will have built a reputation as a miracle worker.
Privacy champion vs. Storyteller Privacy
Companies committed to data privacy often have formal programs in which each team has designated “privacy champions” who are responsible for promoting the company’s privacy program and collaborating with other departments on large-scale privacy initiatives. With the support of senior leadership and resources at their disposal, these privacy champions tend to be highly effective.
But if your company isn’t all about privacy yet, how can you advocate for data privacy best practices while avoiding a herd of angry, wet cats?
The answer is to become a privacy narrator.
A privacy narrator is someone who focuses on the “why” rather than just the “how” of privacy. A privacy storyteller uses education and positivity — not the fear of non-compliance — to build a culture of privacy that naturally leads to a more formalized privacy program.
But how do you know which stories to tell and who to tell them to? Here are four main areas to focus on:
1. Get buy-in from senior leaders by demonstrating positive use cases.
2. Help employees understand how to manage their personal privacy.
3. Focus on converting your marketing team.
4. Promote privacy training in both onboarding and professional development environments.
1. Get buy-in from above
Wherever your company is on its privacy journey, you won’t get as far as you need to without C-suite support. But C-suite support for an entire privacy program — and not just compliance stopovers — can be hard to come by if they don’t understand the added value of superior data governance practices.
Discussions are likely already underway about the consequences of non-compliance (e.g., fines, coercive measures, even criminal liability in some states). The problem is, a program focused solely on compliance is likely to miss out on opportunities to future-proof processes and build agility in your operations.
Look for opportunities to be a storyteller and demonstrate how good data privacy practices can build customer trust, differentiate you from your competitors, and even increase cross-functional efficiencies.
For example, forward articles with statistics and research on privacy and consumer trust, make presentations on how privacy-first companies have improved their reputation, and share data on how streamlining data collection can save costs. Make sure everyone in the company is aware of internal privacy successes (i.e. improving data accuracy, increasing the amount of first-party data, etc.).
These proactive, forward-looking conversations could tip the scales toward a more effective program — one that can quickly adapt to changes in regulatory requirements.
2. Building support from the bottom up
One of the best ways to build support for privacy initiatives is to help employees understand how to protect their own personal information online.
By providing information on topics such as how colleagues can manage their online privacy settings, how to avoid email scams such as phishing attacks, and how to ensure their data is not sold or shared by advertisers, they will understand why the same protection is so important to your users.
3. Convert Your Marketing Team
While consumer data plays a role in every department’s operations, it is the foundation of all marketing functions. The two are so intertwined that almost all privacy laws have specific mandates governing how customers’ personal information can be used for marketing purposes.
So it makes sense that getting your marketing department on board is critical to the success of all privacy efforts. If you can show your team how first-party data can make them more effective, you’ll have a powerful ally in your quest to build a privacy culture.
A bonus? Marketers are, by definition, trained storytellers. Having them by your side can also improve your internal messaging.
4. Get on the training train
Data privacy training has historically looked like full-day seminars or boring lectures once a year. These intense workouts have their place, but aren’t necessarily the most effective method.
To change company culture, it is usually better to provide smaller amounts of information on a regular basis. By incorporating privacy best practices into onboarding training, professional development opportunities, and even weekly staff meetings (think things like password requirements, network access rules, etc.), you can ensure that privacy for your employees is paramount while you build a formal program.
Train your cats. Don’t let them train you.
Everyone knows that trying to get a cat to do something is futile. Instead, you create an environment that encourages them to engage in the desired behavior.
Building a privacy culture is similar. You will progress if you set the parameters within which you want everyone to work and give them the tools to do it organically. And telling the story of privacy is the best way to do it.