When we hear about Privacy, different terms come to mind: breach, regulation, identity theft, exposure, risk. The one word I assure you will not immediately come to mind is “sexy”. When it comes to information privacy, we think of our right to keep our personal information safe, unused, undisclosed. We fear someone getting their hands on our information and use it to their advantage or worse, to our detriment.
As businesses grow closer and deeper relationships with their customer base, what if they think of privacy management not as something they have to do because consumers, government or regulators demand it, but as something that will strengthen the unique relationship they can potentially develop with their product and services users. Why will privacy management fortify this bond? Why would it create a superior customer experience? Because the foundation of this relationship will be trust. When you develop trust, you are willing to share and there is an implicit expectation that there will be some value exchange. Who doesn’t dream of a product or service provider that, once it has access to your data, your deepest personal information, will use it ethically, with the outmost respect and with your benefit and well-being top of mind? An organization that will make your life easy because they know you and they have your best interest at heart. That, I call sexy!
But how do we get to this point? When a business uses privacy management not as a mandate but as part of their core values, as part of their culture, this mindset permeates through their employees. They know well what is at stake, they take it seriously and they do their best to provide what is best for the individuals they serve, both by giving them exactly what they want – by using the data these individuals share – and safeguarding what is most precious to them – their private information.
I see this as a win-win situation that should be the norm but yet, in general, is still not the case. Regulations tend to be the first push – just the way it is happening in the EU with GDPR – until businesses realize that there is a buck to be made by doing the right thing. It happened with quality and with workplace safety in the ’80s. How can we get to a place where it is unthinkable not to take privacy management seriously?
From my perspective, first and foremost organizations need to work hard on their most priced asset but unfortunately their biggest vulnerability: their employees. Human error in the form of weak passwords, clicked-on phishing scams, missed patch updates amongst others, is the main cause of most data breaches.
So what happens if privacy management is adopted as a key component of the culture, of the day-to-day activities that are carried out? What happens if organizations make it clear to customers that they walk the talk when it comes to protecting their valued private information and they prove so by being accountable and transparent? What happens when peers in the industry respect this organization because of the reputation they have built?
I would dare to say that this business would be caught up in what I call a virtuous cycle. People will want to work with them, they will share their information that in turn this business will use for the benefit of the individual, who clearly obtains superior products and services tailored to their needs and thus has an outstanding customer experience. Once this happens, the cycle goes on and on with trust at the core.
What should we do to make privacy sexy then?
The first step is to adopt privacy principles as part of the core of the organization:
- Identify when and where personal information is collected, used and shared
- Understand what rules and regulations apply and what is the level of current compliance
- Identify if there are any gaps in compliance and put a plan in place to close them
- Create a Privacy Council. Don’t look at this group as a “watch dog” but more as an enabler of innovation within a privacy compliant framework. A group that can help the organization achieve their objectives knowing what the rules of the game are
- Apply Privacy by Design principles. Every time a new campaign, initiative, product or service is being , ensure that the mechanics of putting it into action include privacy measures that will protect any personal information being used
- Create simple but clear policies that everyone in the organization can understand and relate to. Adoption is key
- Have an ongoing training program that reminds everyone of their obligations. Remember, privacy is part of the culture, part of core values. Talk about it, remind everyone, keep it fresh
- Have a protocol and team in place that knows what to do in case there is a breach. Be accountable, be transparent, fix the problem, learn from your mistakes and do better next time
Let us not forget that the use of personal data for monetization purposes has become pervasive. But let us also not forget that trust is an everlasting value that is the foundation of any successful relationship. Customers are our most priced relationship. Managing their private information cautiously and transparently will make our organizations very sexy in their eyes.