Navigating Privacy Land Mines
It's no great surprise that privacy gets a lot of attention these days, and rightly so.
Over the past decade, we've witnessed the accelerated adoption of online commerce, which provides tremendous benefits to organizations and consumers alike. But, with online commerce, like any shift in the market that provides greater flexibility and user convenience, there's also the opposite—an equal possibility for mistakes. The most extreme errors happen when organizations fumble personal data and other forms of electronic information collected during transactions. Bungled transactions have exposed end users to damages ranging from embarrassing personal revelations to ID theft.
If you operate your business online today, you are no doubt intensely focused (or should be) on all the things that pose a danger to your brand management and the protection of your digital assets. We hear almost daily about organizations that have lost data and are publicly castigated for the mishap. Dealing with the fallout from such an experience, and repairing a brand's image, is costly and can take years.
So how do you get ahead of potential trouble? Where do you go and what can you do to take inventory of your digital and data responsibilities? Are you prepared for managing your online business and avoiding those potential land mines? And what is your readiness to respond should the worst occur?
Here is my five-step plan to prepare you for your digital and data protection journey.
Step 1: Revisit your digital responsibilities and obligations.
Are you aware of the digital responsibilities and obligations you have, and if so, when was the last time you took a moment to review these and evaluate any changes?
We take for granted that a business that operates online has conducted due diligence when it comes to its Web presence and associated corporate responsibilities. But is this really accurate?
The FTC published a document, Dot Com Disclosures, that provides a great framework for any company that conducts business online. It also highlights the associated responsibilities organizations should consider to conduct themselves appropriately. This document is a great place to start—or to revisit the rules of the digital road.
You should also be up to speed on any laws or regulations that affect your business model. Most countries now have laws that govern online commerce and the behavior of companies that operate in this arena.
Step 2: Take stock of your data inventory and assets.
There is so much misappropriated data collected that it's a good idea to revisit what you have and why you have it. Don't be afraid to deploy the "out with the old, in with the new" strategy.
Data gets old and irrelevant—but your insight and management shouldn't. The more stagnant the data you collect, the more costly it will be to maintain and repair your database should you experience an issue.
Be prepared to recycle data, and make this a core principle in your digital operations. Don't keep what you don't need. Good data practices will encourage customer engagement and ultimately produce better ROI for your brand.
Step 3: Prepare your master plan.
Everybody within your organization has a responsibility to ensure that they are up to speed on company data collection and use policies. Set up an interdepartmental privacy team to establish and manage corporate privacy goals.
Set regular discussions for all of your employees and make privacy education a crucial part of your corporate DNA. Adopt sound data breach policies and external communication strategies.
Should you have to defend yourself on the front page of The Wall Street Journal, time will be of the essence. Know exactly who's responsible for what part of the master plan before you launch it; then don't change course once it's implemented.
Step 4: Extend your privacy brand management.
Privacy management has become a robust business over the past several years. There is an abundant number of good companies, associations, trade groups, and industry think tanks focused on all things privacy-related.
These entities can help you; you don't have to go it alone. Privacy is good for business, well worth making an investment in. You should certainly conduct due diligence and explore all privacy-related products and solutions that will extend your privacy brand management and commitment in the public domain.
As we become more interdependent on partnerships and vendors, it's imperative that you understand your obligations for these ever-changing rules of the digital road. Your customers and prospects alike are now, more than ever, focused on privacy-related issues and will expect you to ensure that you're taking reasonable steps to protect and manage their data. This includes third parties you work with in any capacity. Your customers will hold you accountable, and you should hold your partners and vendors accountable as well for their standards of privacy management.
All things Web-related have digital reputations, and it's easy to trip up. Everything you do online can and will be tracked—privacy compliance-related services are a good bet for your business and should be seriously considered.
Step 5: Do it all again.
It goes without saying that we operate in a 24/7/365 world. This notion should be applied to your privacy preparedness. You should revisit your company's policies annually to ensure that any changes to your corporate directives have been included in your privacy strategies.
Did you move, expand, change vendors, lose employees, purchase new equipment, move your business to the cloud? If you've made any changes that have a direct effect on your ability to operate, you should ensure that you're covered, and feel comfortable that these changes are incorporated with your internal procedures.
The privacy landscape will continue to evolve. The factors that are going to affect our ability to conduct digital business will change and will inevitably become more complex. You must understand the new rules for the digital road.
Use any and all resources that are available to you—internal teams, external vendors, and your legal resources—to assist you in navigating the privacy minefield.
Good luck.
David Fowler is the chief privacy and deliverability officer at Act-On Software. He has provided senior leadership in the marketing industry for more than 20 years, and has spent the last nine years strictly focused on issues associated with email marketing, deliverability, digital marketing, and privacy compliance.