Have you noticed that your prospects and clients are beginning to take their privacy seriously? And even if they don’t focus on it today, do you think there is at least some merit planning for when they do?

Many organizations have taken initial steps on this path, but most have taken a “risk minimization” approach, rather than seeing the effort being one of investment into their brand.

Here are nine different ways that you can improve privacy within your organization — and build a higher level of trust into your brand:

1. Compliance with the most stringent international privacy standards, from GDPR, to CCPA, to PIPEDA, and more.
2. Executive responsibility for data privacy. While most organizations have a mid- or junior-level person acting as a data steward, this role often was focused on ensuring data integrity, and more recently, data integration with internal and external data sets. Given the brand risk from data breaches, the marketing opportunity of “big data”, and the increasingly strident regulations on privacy, the area requires a broader executive oversight and attention.
3. Clear internal policies on data access and privacy. Unless this actually exists, is communicated, trained, and verified, individual staff members (and managers) may put data privacy and security at risk. Since everything flows from both policy and management behavior, this is fundamental.
4. Clear, complete, and up-to-date external privacy policies. These should exist on the website, linked from every web page, and referenced wherever there is a request for user information. The policy should be written in plain English, and short enough that a typical user would actually understand how their information will be used, and the implications of this.
5. Client-centric operational processes. This means only allowing sensitive data to be accessible by those people whose roles require access to the client. Oftentimes “sensitive data” is only defined as confidential corporate information, from salaries to strategic plans; this sensitive data definition now needs to be extended into the client realm.
6. Full transparency of data usage. This can be summarized as “no creepy data sharing practices.” It is very tempting to use data brokers to enhance client data with third-party information, but care must be taken: are your clients fully cognizant of the extent of the enhanced data you would have about them? (It is an entirely separate thing to share your client’s data with these third parties without their clear and continuing consent.)
7. Data transparency. Your clients (and prospects) should have the ability to request all data that you have about them, whether it was user submitted, company-created, or from a third party. In some jurisdictions, this is the law.
8. Protection from malicious third parties. To reduce the likelihood of hacking and phishing, organizations should obfuscate account numbers on printed statements (most already do), as well as within online dashboards (which is rarely done).
9. Improved tech security. This means following better-than-basic standards of protecting information: multi-layer firewalls, penetration testing, and calendarized security audits. The responsibility for security must also fall to the user, with mandatory Two Factor Authentication and biometrics (such as FaceID/Passkeys) for account access.

Does this topic resonate? Reach out to Randall: he can present it to your group.  (More presentation topics)
Download Randall’s professional credentials: Speaker credentials one-sheet or Management Advisory credentials.

Content Authenticity Statement: 100% original content: no AI was used in creating this content.

@RandallCraig (Follow me for daily insights)
www.RandallCraig.com: Professional credentials site.